GitHub Action to generate Cryptography Bill of Materials (CBOM)

PQCA/cbomkit-action

CBOMkit-action

GitHub Action that scans a repository with CBOMkit and generates a Cryptography Bill of Materials (CBOM): an inventory of the cryptographic algorithms and libraries found in the source code.

Usage

```yaml
on:
  workflow_dispatch:

jobs:
  cbom-scan:
    runs-on: ubuntu-latest
    name: CBOM generation
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Create CBOM
        # Pin to a release tag or, preferably, to the full commit SHA of the
        # release you have reviewed (the tag is a placeholder here).
        uses: PQCA/cbomkit-action@<release-tag>
        id: cbom
      # Persist the CBOM after the job has completed so that other jobs in the
      # same workflow (or a reviewer) can download it.
      - name: Create and publish CBOM artifact
        uses: actions/upload-artifact@v4
        with:
          name: "CBOM"
          path: ${{ steps.cbom.outputs.filename }}
```

The action exposes the path of the generated CBOM through its `filename` output, which the artifact step above consumes. The `permissions` block is the one this example requests; grant a workflow only the scopes its steps actually use, and prefer pinning third-party actions to a full commit SHA over a mutable tag.
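A CBOM is only useful in CI if something acts on it. The script below is an added example and not part of cbomkit-action; it shows a gate step that could run between the scan and the upload. It assumes the action writes a CycloneDX 1.6 JSON CBOM (the `cryptographic-asset` component type and `cryptoProperties` fields are the ones CycloneDX defines for CBOMs), flags quantum-vulnerable public-key algorithms, deprecated hash functions and short symmetric keys, and exits non-zero when anything is found. The embedded sample CBOM is constructed for the demonstration rather than real scanner output, and the policy constants are hypothetical; in a workflow you would pass `${{ steps.cbom.outputs.filename }}` as the argument.

```python
"""CI gate over a CycloneDX CBOM: fail the job on algorithms a crypto policy forbids."""
import json
import sys

# Constructed sample CBOM in CycloneDX 1.6 shape (assumption: the action writes
# this format). The entries are illustrative, not real CBOMkit scanner output.
SAMPLE_CBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "cryptographic-asset", "name": "RSA-2048",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "pke", "parameterSetIdentifier": "2048", "nistQuantumSecurityLevel": 0}},
         "evidence": {"occurrences": [{"location": "src/main/java/app/KeyExchange.java", "line": 42}]}},
        {"type": "cryptographic-asset", "name": "SHA1",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {"primitive": "hash"}},
         "evidence": {"occurrences": [{"location": "src/main/java/app/Digest.java", "line": 17}]}},
        {"type": "cryptographic-asset", "name": "AES-256-GCM",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "ae", "parameterSetIdentifier": "256", "nistQuantumSecurityLevel": 3}},
         "evidence": {"occurrences": [{"location": "src/main/java/app/Storage.java", "line": 88}]}},
        {"type": "library", "name": "bcprov-jdk18on", "version": "1.78"},
    ],
}

# Hypothetical policy; adjust to your organisation's cryptographic standard.
QUANTUM_VULNERABLE_PRIMITIVES = {"pke", "signature", "key-agree"}  # CycloneDX primitive names
WEAK_HASH_PREFIXES = ("MD2", "MD4", "MD5", "SHA1", "SHA-1")
SYMMETRIC_PRIMITIVES = {"block-cipher", "stream-cipher", "ae"}
MIN_SYMMETRIC_KEY_BITS = 128


def crypto_assets(bom):
    """Yield the components CycloneDX marks as cryptographic assets."""
    for comp in bom.get("components", []):
        if comp.get("type") == "cryptographic-asset":
            yield comp


def first_location(comp):
    """Return 'file:line' of the first recorded occurrence, or '?' if the scanner gave none."""
    occurrences = comp.get("evidence", {}).get("occurrences", [])
    if not occurrences:
        return "?"
    return f"{occurrences[0].get('location', '?')}:{occurrences[0].get('line', '?')}"


def check_asset(comp):
    """Return the policy violations for one algorithm asset (empty list if it is acceptable)."""
    props = comp.get("cryptoProperties", {})
    if props.get("assetType") != "algorithm":
        return []  # keys, certificates and protocols would need their own rules
    algo = props.get("algorithmProperties", {})
    name = comp.get("name", "")
    primitive = algo.get("primitive", "unknown")
    reasons = []
    # A missing nistQuantumSecurityLevel is treated as 0: unknown is not a pass.
    if primitive in QUANTUM_VULNERABLE_PRIMITIVES and algo.get("nistQuantumSecurityLevel", 0) == 0:
        reasons.append("quantum-vulnerable public-key algorithm (NIST quantum security level 0)")
    if primitive == "hash" and name.upper().startswith(WEAK_HASH_PREFIXES):
        reasons.append("deprecated hash function")
    if primitive in SYMMETRIC_PRIMITIVES:
        bits = str(algo.get("parameterSetIdentifier", ""))
        if bits.isdigit() and int(bits) < MIN_SYMMETRIC_KEY_BITS:
            reasons.append(f"symmetric key shorter than {MIN_SYMMETRIC_KEY_BITS} bits")
    return reasons


def evaluate(bom):
    """Return one finding per violating asset, in document order."""
    findings = []
    for comp in crypto_assets(bom):
        reasons = check_asset(comp)
        if reasons:
            findings.append({"name": comp.get("name", ""),
                             "location": first_location(comp), "reasons": reasons})
    return findings


def main(argv):
    """Usage: cbom_gate.py [cbom.json]; without an argument the constructed sample is checked."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            bom = json.load(fh)
    else:
        bom = SAMPLE_CBOM
    findings = evaluate(bom)
    for finding in findings:
        print(f"{finding['location']}: {finding['name']}: {'; '.join(finding['reasons'])}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a `run:` step after the scan (for example `python cbom_gate.py "${{ steps.cbom.outputs.filename }}"`) and the job fails with a file:line pointer for each violating asset, which is more actionable than an artifact nobody opens. Keep the artifact upload as well, since the full CBOM, not only the violations, is what a PQC migration inventory needs.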

Supported languages and libraries

The current scanning capabilities of the CBOMkit are defined by the Sonar Cryptography Plugin's supported languages and cryptographic libraries:

| Language | Cryptographic Library | Coverage |
|----------|-----------------------|----------|
| Java | JCA | 100% |
| Java | BouncyCastle (light-weight API) | 100% ¹ |

The CBOMkit's scanning capabilities are currently bound to the Sonar Cryptography Plugin, but the plugin's modular design allows additional languages and cryptographic libraries to be added in future updates. Until then, read a CBOM against the coverage table above: cryptography reached through a library or language the plugin does not recognise (for example, native bindings to a C library) will not appear, so a CBOM with no findings is evidence of what the scanner saw, not proof that no other cryptography is present.

Footnotes

  1. We only cover the BouncyCastle light-weight API according to this specification