[CRAVEX] SCA Integrations: Anchore #1820

tdruez · 2025-08-20T08:50:46Z

Issue: CRAVEX-integration: Integration with SCA Tools: Anchore #1728

This PR adds support for importing SBOMs generated with Anchore tools.

Changes:

Adapt the load_sbom pipeline to ensure the Anchore SBOMs are fully supported
Add a unit test to ensure the Anchore SBOM support
Add a GitHub workflow that runs every week to ensure the Anchore SBOM support (see below for details)

Workflow

Available at .github/workflows/sca-integration-anchore.yml

Documentation:

# This workflow:
#  1. Generates a CycloneDX SBOM for a container image using Anchore Grype.
#  2. Uploads the SBOM as a GitHub artifact for future inspection.
#  3. Loads the SBOM into ScanCode.io for further analysis.
#  4. Runs assertions to verify that the SBOM was properly processed in ScanCode.io.
#
# It runs on demand, and once a week (scheduled).

Notes

The Grype scan-action is used in the workflow to generate an SBOM that also includes vulnerabilities.

Signed-off-by: tdruez <[email protected]>

tdruez added 8 commits August 20, 2025 12:48

Add GH workflow to generate SBOM with Anchore Syft #1728

2a8a76f

Signed-off-by: tdruez <[email protected]>

Merge branch 'main' into 1728-sca-integrations-anchore

1d2ee30

Add Grype scanner action #1728

fec1b2c

Signed-off-by: tdruez <[email protected]>

debug workflow #1728

4417433

Signed-off-by: tdruez <[email protected]>

debug workflow #1728

0440267

Signed-off-by: tdruez <[email protected]>

debug workflow #1728

ae730d4

Signed-off-by: tdruez <[email protected]>

debug workflow #1728

1a90193

Signed-off-by: tdruez <[email protected]>

Refine the Anchore SCA workflow #1728

d0a7d56

Signed-off-by: tdruez <[email protected]>

tdruez changed the title ~~Add GH workflow to generate SBOM with Anchore Syft #1728~~ Add GH workflow to generate SBOM with Anchore tools #1728 Aug 20, 2025

tdruez added 3 commits August 20, 2025 14:35

Generate a SBOM as test data #1728

f8f774b

Signed-off-by: tdruez <[email protected]>

Revert the workflow to final state #1728

d5cb8e9

Signed-off-by: tdruez <[email protected]>

Add unit test for the Anchore SBOM support #1728

6c604eb

Signed-off-by: tdruez <[email protected]>

tdruez changed the title ~~Add GH workflow to generate SBOM with Anchore tools #1728~~ [CRAVEX] SCA Integrations: Anchore Aug 20, 2025

tdruez merged commit c2f46df into main Aug 20, 2025
14 checks passed

tdruez deleted the 1728-sca-integrations-anchore branch August 20, 2025 13:35

tdruez mentioned this pull request Aug 20, 2025

CRAVEX-integration: Integration with SCA Tools: Anchore #1728

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[CRAVEX] SCA Integrations: Anchore #1820

[CRAVEX] SCA Integrations: Anchore #1820

Uh oh!

tdruez commented Aug 20, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

[CRAVEX] SCA Integrations: Anchore #1820

[CRAVEX] SCA Integrations: Anchore #1820

Uh oh!

Conversation

tdruez commented Aug 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes:

Workflow

Documentation:

Notes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

tdruez commented Aug 20, 2025 •

edited

Loading