edgebitio / enclaver

Open source toolkit created to enable easy adoption of software enclaves
https://edgebit.io/enclaver
Apache License 2.0

[EdgeBit] Create an SBOM for Vulnerability Scanning #158

Closed edgebit-security[bot] closed 1 year ago

edgebit-security[bot] commented 1 year ago

This PR enables vulnerability scanning by producing a Software Bill of Materials (SBOM) for this repository. The SBOM will be created by looking at the packages installed (e.g. scanning files like requirements.txt or package.lock) and matching them to vulnerabilities by uploading it to EdgeBit. If issues are found in dependency changes, a comment will be made with more info. Otherwise, the bot is silent — but you can view cumulative results at any time.

EdgeBit is real-time SCA connected to your server fleet, so it understands which code is active or dormant in this app. Vulnerabilities in dormant code are deprioritized to save you time.

If this project builds a container with GitHub Actions, EdgeBit was not able to detect it. Building an SBOM from the container is preferable since it creates a more complete vulnerability report. If this project builds a container, consider closing this PR and adding a workflow step to generate an SBOM. See https://edgebit.io/docs/0.x/install-build-actions/ for details.
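To make concrete what the bot describes above (a dependency manifest such as requirements.txt turned into an SBOM, whose components are then matched against vulnerability advisories), here is an added Python example; it is not EdgeBit's or enclaver's code. The manifest, the advisories and their IDs are constructed placeholders, and the CycloneDX fields emitted are a minimal subset of the format. Components whose version is not pinned in the manifest are reported as unresolved rather than silently skipped.

```python
import re

# Constructed requirements.txt (not from the enclaver repository).
REQUIREMENTS_TXT = """\
# constructed sample manifest
requests==2.25.1
urllib3==1.26.4 ; python_version >= "3.6"
Flask>=2.0
"""

# Constructed advisories with placeholder IDs: a component is affected when the
# name matches and its pinned version is older than fixed_in.
ADVISORIES = [
    {"id": "ADV-CONSTRUCTED-1", "name": "urllib3", "fixed_in": "1.26.5"},
    {"id": "ADV-CONSTRUCTED-2", "name": "requests", "fixed_in": "2.20.0"},
]

_PIN = re.compile(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$")

def version_key(v):
    """Order dotted numeric versions; non-numeric fragments are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def build_sbom(text):
    """Minimal CycloneDX-shaped SBOM; only '==' pins get a version and purl."""
    components = []
    for raw in text.splitlines():
        # Drop comments and environment markers, keep the requirement itself.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = _PIN.match(line)
        name = (m.group(1) if m else re.split(r"[<>=!~\s]", line, maxsplit=1)[0]).lower()
        comp = {"type": "library", "name": name}
        if m:
            comp["version"] = m.group(2)
            comp["purl"] = f"pkg:pypi/{name}@{m.group(2)}"
        components.append(comp)
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": components}

def match_vulnerabilities(sbom, advisories=ADVISORIES):
    """Return (findings, unresolved): (advisory id, purl) pairs and unpinned names."""
    findings, unresolved = [], []
    for comp in sbom["components"]:
        if "version" not in comp:
            unresolved.append(comp["name"])
            continue
        for adv in advisories:
            if adv["name"] == comp["name"] and version_key(comp["version"]) < version_key(adv["fixed_in"]):
                findings.append((adv["id"], comp["purl"]))
    return findings, unresolved
```

Unresolved components are the practical gap a manifest-based SBOM leaves, which is why the bot prefers building the SBOM from the container, where the installed versions are known.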