anchore / sbom-action

GitHub Action for creating software bill of materials using Syft.
Apache License 2.0

Include support for SBOM signing using cosign #153

Open nwl opened 2 years ago

nwl commented 2 years ago

Once https://github.com/anchore/syft/issues/510 is merged, the SBOM action should be updated to include parameters to sign the SBOM and upload the image and/or attestation to a URL (e.g. GitHub Package Registry).

developer-guy commented 1 year ago

We (w/ @dentrax) can work on this if nobody is interested in it, @wagoodman.