Add vulnerability scan from sbom

lambchop4prez · Sep 14, 2023 · 71886f4 · 71886f4
1 parent 933c205
commit 71886f4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -55,6 +55,8 @@ jobs:
       uses: anchore/sbom-action@v0.14.3
       with:
         path: ./
+        format: spdx-json
+        output-file: "${{ github.event.repository.name }}-sbom.spdx.json"
 
     - name: Archive nuget package artifacts
       uses: actions/upload-artifact@v3.1.3

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -24,6 +24,16 @@ jobs:
     with:
       version: ${{ needs.build.outputs.version }}
 
+  vulnerability-scan:
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/download-artifact@v3.0.2
+        with:
+          name: "${{ github.event.repository.name }}-sbom.spdx.json"
+      - uses: anchore/scan-action@v3
+        with:
+          sbom: "${{ github.event.repository.name }}-sbom.spdx.json"
   ###
   # Publish nuget packages.
   # Only runs on main, or when `+push` is included in a commit message.