Open · rigzba21 opened 4 months ago
https://github.com/kyverno/kyverno/blob/03c6635b6c367aa7f56ec0f5f15f3fbb4330f7f8/.github/actions/publish-image/action.yaml#L58-L88 is an example GitHub Actions workflow to generate a CycloneDX format SBOM, signed with cosign.
Feature description
Generate a software-bill-of-materials (SBOM) supply-chain security artifact in CI.
Value and/or benefit
Improve supply-chain security by generating an SBOM artifact in CI.
Anything else?
No response