1+ name : Track Dependencies
2+
3+ on :
4+ workflow_dispatch :
5+ push :
6+ branches :
7+ - main
8+ - ' release/**'
9+
10+ jobs :
11+ dependency_track :
12+ runs-on : ubuntu-latest
13+ steps :
14+ - name : Checkout
15+ uses : actions/checkout@v5
16+ - name : Setup Node
17+ uses : actions/setup-node@v4
18+ with :
19+ node-version : ' 18'
20+ cache : ' yarn'
21+ - name : Enable Corepack
22+ run : corepack enable
23+ - name : Generate SBOM
24+ run : yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx -o sbom.json
25+ - name : Upload CycloneDx bom to dependency track
26+ uses : DependencyTrack/gh-upload-sbom@v3
27+ with :
28+ serverhostname : ${{ secrets.DEPENDENCY_TRACK_SERVER_HOSTNAME }}
29+ apikey : ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
30+ project : ' c22c33e7-cf08-477f-a337-2afddac184d0'
31+ bomfilename : ' sbom.json'
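Review bot: The `Upload CycloneDx bom to dependency track` step hands `secrets.DEPENDENCY_TRACK_API_KEY` to `DependencyTrack/gh-upload-sbom@v3`, a mutable tag, so the code that receives the key can change without any change in this repository. Pinning to a reviewed commit, `uses: DependencyTrack/gh-upload-sbom@<full-commit-sha> # v3`, closes that, and the same applies to `actions/checkout@v5` and `actions/setup-node@v4`. The `Generate SBOM` step has the same shape: `yarn dlx -q @cyclonedx/yarn-plugin-cyclonedx` resolves whatever version is current at run time, so an explicit `@<version>` suffix would make the SBOM tooling reproducible and reviewable. The workflow also declares no `permissions:`, so the job token gets the repository default; nothing visible here writes to the repository, so a top-level `permissions:` block with `contents: read` looks sufficient.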