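# Metadata for a JavaScript GitHub Action (entry point index.js on node20).
# Every input is optional. Input values always reach the action as strings,
# so boolean-like inputs are compared against the text `true` / `false`.
name: "Manifest Cyber SBOM Transmitter"
description: "Transmit an SBOM to your Manifest Cyber account"

inputs:
  # Credential. Supply it from an encrypted secret, for example
  # `apiKey: ${{ secrets.EXAMPLE_SECRET_NAME }}` (constructed name), never as
  # a literal in a workflow file. Per the sbomPublish description, an SBOM is
  # uploaded whenever this key is present and sbomPublish is unset.
  apiKey:
    description: "An API key generated in the Manifest app"
    required: false
  bomFilePath:
    description: "The location of a generated SBOM file. Accepts CycloneDX or SPDX SBOMs in JSON. If a file is not provided, an SBOM will be generated using the parameters below."
    required: false
    default: "./bom.json"
  path:
    description: "Path of the target repository to generate an SBOM for"
    required: false
  relationship:
    description: 'Sets the relationship of the SBOM. Must be either "first" or "third" with most cases being "first" for SBOMs generated using the GitHub action.'
    required: false
    default: "first"
  source:
    description: "The source of the uploaded SBOM."
    required: false
    default: "github-action"
  sbomName:
    description: "The SBOM name, defaults to repository name"
    required: false
  sbomVersion:
    description: "The SBOM version, defaults to environment variable tag, or commit hash"
    required: false
  sbomOutput:
    description: "The SBOM output format, Supports: spdx-json | cyclonedx-json"
    required: false
    default: "cyclonedx-json"
  # NOTE(review): the description says "defaults to syft" but no `default:` is
  # declared here; any fallback would have to live in index.js - confirm.
  sbomGenerator:
    description: "The SBOM generator, defaults to syft. Supports: syft | trivy | cdxgen | sigstore-bom | spdx-sbom-generator | docker-sbom"
    required: false
  # Enabled by default. An SBOM lists the full dependency inventory, and a
  # workflow artifact can be downloaded by anyone with read access to the
  # repository's workflow runs; set to "false" if that exposure is unwanted.
  sbomArtifact:
    description: "Boolean to store the generated SBOM as an artifact. An artifact will not be created when set to anything other than `true`."
    required: false
    default: "true"
  # Set explicitly to "false" for a workflow that has the API key available
  # but must not upload; leaving it unset makes the upload implicit.
  sbomPublish:
    description: "Boolean to publish the SBOM to the Manifest Cyber platform. Expects either `true` or `false`. When unset, the action will upload if an API Key is present."
    required: false
  sbomLabels:
    description: "A comma separated list of labels to apply to the SBOM."
    required: false
  # Passed through to the generator per the description. Build the value from
  # fixed strings only, not from pull-request-controlled data such as branch
  # names or titles. NOTE(review): how index.js splits and quotes this value
  # is not visible here - confirm.
  sbomGeneratorFlags:
    description: "ADVANCED USERS: Flags the Manifest CLI passes through to the generator"
    required: false
  ### v1.2.0 ###
  # NOTE(review): the kebab-case inputs below appear to overlap with the
  # camelCase ones above (generator / sbomGenerator, generator-flags /
  # sbomGeneratorFlags); which one wins when both are set is decided in
  # index.js - confirm.
  generator:
    description: "The SBOM generator, defaults to syft. Supports: syft | trivy | cdxgen | sigstore-bom | spdx-sbom-generator | docker-sbom"
    required: false
    default: "syft"
  # No default is declared; the description says the latest version is used.
  # Pin an explicit version so that a new generator release is adopted
  # deliberately and SBOM output stays reproducible between runs.
  generator-version:
    description: "The version of the SBOM generator to use. Defaults to the latest version."
    required: false
  # Same caution as sbomGeneratorFlags: fixed strings only, no untrusted data.
  generator-flags:
    description: "flags passes through to the generator"
    required: false
  generator-preset:
    description: 'The preset to use for the generator. Defaults to the "recommended" preset.'
    required: false
    default: "recommended"
  generator-config:
    description: "The path to the generator configuration file."
    required: false
  asset-labels:
    description: "A comma separated list of labels to apply to the SBOM asset."
    required: false
  product-id:
    description: "The product ID to associate the SBOM with."
    required: false
  product-labels:
    description: "A comma separated list of labels to apply to the SBOM product, will only be applied if the product-id is set."
    required: false
  active:
    description: "set the SBOM as active. Expects either `true` or `false`."
    required: false
  # NOTE(review): presumably the API key and the SBOM are sent to this
  # endpoint - confirm in index.js. Keep it a fixed HTTPS URL chosen by the
  # workflow author; do not derive it from untrusted input.
  apiUri:
    description: "set the Manifest API endpoint URI."
    required: false

runs:
  using: "node20"
  main: "index.js"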