This exercise is part of the DevSecOps course. It shows how to generate a Software Bill of Materials (SBOM) for a Docker image as part of your development process and publish it with each release.
- Click on "Use this template" to create a new repository in your GitHub account (don't fork it), and make sure to set the visibility to "Public".
- The GitHub Actions workflow should run automatically and finish green.
- In `.github/workflows/sbom.yml`, uncomment the block labeled "Version 1" to enable the creation of a Software Bill of Materials.
- After the next successful run of the GitHub Actions workflow, under the created Artifacts, you should now see a `*.spdx.json` file. It contains the names, versions, and license information for all pieces of software contained within the Docker image.
- Create a new "Release" on GitHub based on the current version of the `main` branch.
- After the next successful run of the GitHub Actions workflow, you will find the `*.spdx.json` file automatically attached to the release.
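The page does not show how to read the `*.spdx.json` artifact once the workflow has produced it. The following script is an added example, not part of the course repository or its `sbom.yml`: it parses an SPDX 2.x JSON document, lists the name, version, and license of every package, and flags packages for which the scanner could not determine a license (`NOASSERTION`), which is the first thing a reviewer usually checks before a release. The embedded `SAMPLE_SPDX_JSON` is a hand-constructed document in the layout that Syft-style scanners emit for a container image, so the script runs offline; pass the path of a real artifact as the first argument to inspect it instead.

```python
"""Inspect an SPDX 2.x JSON SBOM: list package name/version/license and
flag packages that carry no usable license information."""
from __future__ import annotations

import json
import sys

# Constructed sample in the SPDX 2.3 JSON layout used by container scanners.
# This is an illustration written for this example, not output of the
# course workflow; package names and versions are made up.
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-image",
    "packages": [
        {"name": "busybox", "SPDXID": "SPDXRef-Package-apk-busybox",
         "versionInfo": "1.36.1-r15", "downloadLocation": "NOASSERTION",
         "licenseConcluded": "GPL-2.0-only", "licenseDeclared": "GPL-2.0-only"},
        {"name": "openssl", "SPDXID": "SPDXRef-Package-apk-openssl",
         "versionInfo": "3.1.4-r5", "downloadLocation": "NOASSERTION",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "Apache-2.0"},
        {"name": "internal-tool", "SPDXID": "SPDXRef-Package-binary-internal-tool",
         "versionInfo": "0.1.0", "downloadLocation": "NOASSERTION",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION"},
    ],
})

# SPDX values that mean "no license information available".
NO_LICENSE = {"NOASSERTION", "NONE", ""}


def load_packages(spdx_json: str) -> list[dict[str, str]]:
    """Return name/version/license for every package in an SPDX 2.x document.

    licenseConcluded (what the scanner decided) takes precedence over
    licenseDeclared (what the package itself claims); if neither is usable
    the license is reported as NOASSERTION.
    """
    doc = json.loads(spdx_json)
    version = doc.get("spdxVersion", "")
    if not version.startswith("SPDX-2."):
        raise ValueError(f"unsupported SPDX version: {version!r}")
    rows: list[dict[str, str]] = []
    for pkg in doc.get("packages", []):
        concluded = pkg.get("licenseConcluded", "NOASSERTION")
        declared = pkg.get("licenseDeclared", "NOASSERTION")
        license_id = concluded if concluded not in NO_LICENSE else declared
        if license_id in NO_LICENSE:
            license_id = "NOASSERTION"
        rows.append({
            "name": pkg.get("name", ""),
            "version": pkg.get("versionInfo", ""),
            "license": license_id,
        })
    return rows


def packages_without_license(rows: list[dict[str, str]]) -> list[str]:
    """Names of packages whose license could not be determined."""
    return [r["name"] for r in rows if r["license"] == "NOASSERTION"]


def find_package(rows: list[dict[str, str]], name: str) -> dict[str, str] | None:
    """Look up one package by exact name, e.g. to confirm a shipped version."""
    for r in rows:
        if r["name"] == name:
            return r
    return None


def report(spdx_json: str) -> str:
    """Render a plain-text inventory plus the list of unlicensed packages."""
    rows = load_packages(spdx_json)
    lines = [f"{r['name']:<20} {r['version']:<15} {r['license']}" for r in rows]
    missing = packages_without_license(rows)
    lines.append(f"{len(rows)} packages, {len(missing)} without license info")
    for name in missing:
        lines.append(f"  NOASSERTION: {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python inspect_sbom.py [path/to/image.spdx.json]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_SPDX_JSON))
```

In a pipeline, `packages_without_license` is a natural gate: a non-empty list means the image ships something whose license (and often whose origin) the scanner could not identify, which is worth a human look before the release is published.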