slsa-framework / slsa-github-generator

Language-agnostic SLSA provenance generation for GitHub Actions
Apache License 2.0

[doc] Examples of generating provenance for SBOM, Vulnerability Scan Results, etc. #852

Open ianlewis opened 1 year ago

ianlewis commented 1 year ago

Having some examples of generating provenance for artifacts other than packages or binaries would demonstrate that the generic workflow can be used to generate provenance for files like SBOMs, SARIF files, or vulnerability scan results.

laurentsimon commented 1 year ago

For SBOM, https://github.com/microsoft/sbom-tool is an in-build tool which looks useful.

laurentsimon commented 1 year ago

And https://github.com/opensbom-generator/
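An added sketch of the kind of example the opening comment asks for, not part of the thread and not the project's own code: it builds the subject list for an SBOM and a SARIF file in the form the generic workflow's `base64-subjects` input takes (base64-encoded `sha256sum` output) and re-checks it the way a consumer would. The file names, file contents, function names and the `hashes` output name are assumptions.

```shell
#!/bin/sh
# Added example: subjects for non-binary artifacts (SBOM, SARIF scan results).
# Function names, file names and file contents are constructed for illustration.

# Print base64-encoded `sha256sum` output for the given files on one line.
# Missing or empty files are rejected so that provenance is never issued
# for the output of a generator or scanner step that silently failed.
encode_subjects() {
  [ "$#" -gt 0 ] || { echo "no artifacts given" >&2; return 1; }
  for f in "$@"; do
    [ -s "$f" ] || { echo "missing or empty artifact: $f" >&2; return 1; }
  done
  sha256sum -- "$@" | base64 | tr -d '\n'
}

# Decode a subject list and re-check every digest against the files in the
# current directory, as a consumer would before trusting an SBOM or scan result.
check_subjects() {
  printf '%s' "$1" | base64 -d | sha256sum -c - >/dev/null
}

# Round trip on constructed files: untouched files verify, a modified one fails.
demo_roundtrip() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    printf '{"spdxVersion":"SPDX-2.3","name":"constructed"}\n' > sbom.spdx.json
    printf '{"version":"2.1.0","runs":[]}\n' > results.sarif
    subjects=$(encode_subjects sbom.spdx.json results.sarif) || exit 1
    check_subjects "$subjects" || exit 1
    echo '{"tampered":true}' >> results.sarif
    ! check_subjects "$subjects" 2>/dev/null
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

# In a GitHub Actions job step, the encoded list would be exported for the
# provenance job to consume (the output name `hashes` is an assumption):
#   echo "hashes=$(encode_subjects sbom.spdx.json results.sarif)" >> "$GITHUB_OUTPUT"
```
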