Add GH workflow to generate SBOM with Anchore Syft #1728

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-anchore.yml

@@ -0,0 +1,26 @@
+name: Generate SBOM with Anchore (Syft and Grype) and load into ScanCode.io
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+env:
+  IMAGE_REFERENCE: "python:3.13.0-slim"
+
+jobs:
+  generate-and-load-sbom:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Generate CycloneDX SBOM with Anchore Syft
+        uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.IMAGE_REFERENCE }}
+          format: cyclonedx-json
+          output-file: "anchore-report.sbom.json"
+          upload-artifact: true