greenbone / docs

Documentation for the Greenbone Community Edition
https://greenbone.github.io/docs/
Creative Commons Attribution Share Alike 4.0 International

Added composite action SBOM SPDX to dependency graph #325

Closed ghost closed 1 year ago

ghost commented 1 year ago

What

Implementing SPDX to Dependency Graph Action.

Why

Improve security posture via the GitHub Enterprise Advanced Security action, which makes it easy to upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API. This lets you quickly receive Dependabot alerts for package manifests which GitHub doesn't directly support, like pnpm or Paket, by using existing off-the-shelf SBOM generators.

References

Related to Jira DEVOPS-648. More info: spdx-dependency-submission-action and Exporting a software bill of materials for your repository.

Checklist
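As an added illustration of what the submission described above involves (example code written for this page, not the code of spdx-dependency-submission-action or of the Greenbone project), the following Python maps an SPDX 2.2 JSON document of the kind an off-the-shelf generator emits to the snapshot body that GitHub's dependency submission API (`POST /repos/{owner}/{repo}/dependency-graph/snapshots`) expects. The sample SBOM, the function names and the detector name are constructed for this example; the mapping rules (roots from `documentDescribes`/`DESCRIBES`, direct vs. indirect from `DEPENDS_ON` edges, packages without a purl dropped) are this example's reading of the two formats.

```python
"""Map an SPDX 2.2 JSON SBOM to a GitHub dependency-submission snapshot.

Illustrative example only: this is not the code of
advanced-security/spdx-dependency-submission-action. It shows the mapping such
an action has to perform between the two document shapes. The sample SBOM and
all names below are constructed for this example.
"""
import json
from datetime import datetime, timezone


def _pkg(sid, name, version, purl=None):
    """Constructed sample SPDX package; purl=None imitates a generator that found none."""
    pkg = {"SPDXID": sid, "name": name, "versionInfo": version}
    if purl:
        pkg["externalRefs"] = [{"referenceCategory": "PACKAGE-MANAGER",
                                "referenceType": "purl", "referenceLocator": purl}]
    return pkg


def _dep(src, dst):
    """Constructed sample DEPENDS_ON relationship."""
    return {"spdxElementId": src, "relationshipType": "DEPENDS_ON", "relatedSpdxElement": dst}


# Constructed sample: a minimal SPDX 2.2 document for a pnpm project.
# "local-helper" deliberately carries no purl, so it cannot be submitted.
SAMPLE_SPDX = {
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app",
    "documentDescribes": ["SPDXRef-Package-app"],
    "packages": [
        _pkg("SPDXRef-Package-app", "example-app", "1.0.0"),
        _pkg("SPDXRef-Package-express", "express", "4.18.2", "pkg:npm/express@4.18.2"),
        _pkg("SPDXRef-Package-lodash", "lodash", "4.17.21", "pkg:npm/lodash@4.17.21"),
        _pkg("SPDXRef-Package-qs", "qs", "6.11.0", "pkg:npm/qs@6.11.0"),
        _pkg("SPDXRef-Package-local", "local-helper", "0.1.0"),
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-app"},
        _dep("SPDXRef-Package-app", "SPDXRef-Package-express"),
        _dep("SPDXRef-Package-app", "SPDXRef-Package-lodash"),
        _dep("SPDXRef-Package-app", "SPDXRef-Package-local"),
        _dep("SPDXRef-Package-express", "SPDXRef-Package-qs"),
    ],
}


def purl_of(pkg):
    """Return the package-url of an SPDX package, or None if it carries none."""
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator")
    return None


def spdx_to_snapshot(doc, *, sha, ref, job_id, correlator, manifest_file, scanned=None):
    """Build the JSON body for POST /repos/{owner}/{repo}/dependency-graph/snapshots.

    Returns (snapshot, skipped). Packages without a purl cannot be matched
    against an advisory database, so they are dropped and reported, not sent.
    """
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("expected an SPDX 2.x document")
    by_id = {p["SPDXID"]: p for p in doc.get("packages", [])}
    roots = set(doc.get("documentDescribes", []))   # the project itself
    deps = {}                                        # SPDXID -> SPDXIDs it depends on
    for rel in doc.get("relationships", []):
        kind, src, dst = rel.get("relationshipType"), rel.get("spdxElementId"), rel.get("relatedSpdxElement")
        if kind == "DESCRIBES" and src == doc.get("SPDXID"):
            roots.add(dst)
        elif kind == "DEPENDS_ON":
            deps.setdefault(src, []).append(dst)
        elif kind == "DEPENDENCY_OF":                # inverse spelling of the same edge
            deps.setdefault(dst, []).append(src)

    direct = {child for root in roots for child in deps.get(root, [])}
    resolved, skipped = {}, []
    for sid, pkg in by_id.items():
        if sid in roots:                             # roots are not dependencies
            continue
        purl = purl_of(pkg)
        if purl is None:
            skipped.append(pkg.get("name", sid))
            continue
        entry = {"package_url": purl,
                 "relationship": "direct" if sid in direct else "indirect"}
        children = [purl_of(by_id[c]) for c in deps.get(sid, []) if c in by_id]
        children = [p for p in children if p]        # dependencies are listed as purls
        if children:
            entry["dependencies"] = children
        resolved[pkg.get("name", sid)] = entry

    snapshot = {
        "version": 0,
        "job": {"id": job_id, "correlator": correlator},
        "sha": sha,
        "ref": ref,
        "detector": {"name": "spdx-example-converter", "version": "0.0.0",   # hypothetical
                     "url": "https://example.invalid/spdx-example-converter"},
        "scanned": scanned or datetime.now(timezone.utc).isoformat(),
        "manifests": {manifest_file: {"name": manifest_file,
                                      "file": {"source_location": manifest_file},
                                      "resolved": resolved}},
    }
    return snapshot, skipped


if __name__ == "__main__":
    body, dropped = spdx_to_snapshot(SAMPLE_SPDX, sha="0" * 40, ref="refs/heads/main",
                                     job_id="1", correlator="sbom-submit",
                                     manifest_file="pnpm-lock.yaml")
    print(json.dumps(body, indent=2))
    print("skipped (no purl):", dropped)
```

Two things worth checking before wiring a generated SBOM into such a submission: the token used for the POST needs write access to the repository's contents (the action's own workflow should request only that permission), and the `skipped` list should be inspected, because a package the generator could not give a purl will silently produce no Dependabot alert.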