├── .editorconfig ├── .eslintignore ├── .eslintrc.json ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ └── feature_request.md ├── dependabot.yml ├── release-drafter.yml └── workflows │ ├── oss-project-board-add.yaml │ ├── release-draft.yml │ ├── release-tag.yml │ ├── remove-awaiting-response-label.yaml │ ├── test.yml │ └── update-syft-release.yml ├── .gitignore ├── .husky └── pre-commit ├── .nvmrc ├── .prettierignore ├── .prettierrc.json ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DEVELOPING.md ├── LICENSE ├── README.md ├── RELEASE.md ├── action.yml ├── dist ├── attachReleaseAssets │ └── index.js ├── downloadSyft │ └── index.js └── runSyftAction │ └── index.js ├── download-syft └── action.yml ├── jest.config.js ├── jest.env.js ├── llms.txt ├── package.json ├── publish-sbom └── action.yml ├── src ├── Syft.ts ├── SyftVersion.ts ├── attachReleaseAssets.ts ├── downloadSyft.ts ├── github │ ├── Executor.ts │ ├── GithubClient.ts │ ├── SyftDownloader.ts │ ├── SyftGithubAction.ts │ └── Util.ts └── runSyftAction.ts ├── tests ├── GithubClient.test.ts ├── SyftGithubAction.test.ts ├── Util.test.ts ├── fixtures │ ├── content-merge.fixture.json │ ├── image-alpine-match-coverage │ │ ├── Dockerfile │ │ ├── etc │ │ │ └── os-release │ │ └── lib │ │ │ └── apk │ │ │ └── db │ │ │ └── installed │ ├── image-centos-match-coverage │ │ ├── Dockerfile │ │ ├── etc │ │ │ └── os-release │ │ └── var │ │ │ └── lib │ │ │ └── rpm │ │ │ ├── Packages │ │ │ └── generate-fixture.sh │ ├── image-debian-match-coverage │ │ ├── Dockerfile │ │ ├── java │ │ │ ├── example-java-app-maven-0.1.0.jar │ │ │ └── generate-fixtures.md │ │ ├── javascript │ │ │ └── pkg-json │ │ │ │ └── package.json │ │ ├── python │ │ │ └── dist-info │ │ │ │ ├── METADATA │ │ │ │ └── top_level.txt │ │ ├── ruby │ │ │ ├── Gemfile.lock │ │ │ └── specifications │ │ │ │ └── bundler.gemspec │ │ ├── usr │ │ │ └── lib │ │ │ │ └── os-release │ │ └── var │ │ │ └── lib │ │ │ └── dpkg │ │ │ └── status │ ├── localbuild │ │ └── Dockerfile │ ├── npm-project │ │ ├── package-lock.json │ │ └── package.json │ ├── policy_evaluation.fixture.json │ └── yarn-project │ │ ├── package.json │ │ └── yarn.lock ├── integration │ ├── GitHubSnapshot.test.ts │ ├── __snapshots__ │ │ └── GitHubSnapshot.test.ts.snap │ └── syft_config.yaml └── mocks.ts └── tsconfig.json /.editorconfig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.editorconfig -------------------------------------------------------------------------------- /.eslintignore: -------------------------------------------------------------------------------- 1 | dist/ 2 | lib/ 3 | node_modules/ 4 | jest.config.js 5 | -------------------------------------------------------------------------------- /.eslintrc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.eslintrc.json -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | dist/** linguist-generated=true 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/ISSUE_TEMPLATE/bug_report.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/release-drafter.yml -------------------------------------------------------------------------------- /.github/workflows/oss-project-board-add.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/oss-project-board-add.yaml -------------------------------------------------------------------------------- /.github/workflows/release-draft.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/release-draft.yml -------------------------------------------------------------------------------- /.github/workflows/release-tag.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/release-tag.yml -------------------------------------------------------------------------------- /.github/workflows/remove-awaiting-response-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/remove-awaiting-response-label.yaml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.github/workflows/update-syft-release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.github/workflows/update-syft-release.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.gitignore -------------------------------------------------------------------------------- /.husky/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . "$(dirname "$0")/_/husky.sh" 3 | 4 | npm run precommit 5 | -------------------------------------------------------------------------------- /.nvmrc: -------------------------------------------------------------------------------- 1 | 20 2 | -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | dist/ 2 | lib/ 3 | node_modules/ 4 | tests/ 5 | -------------------------------------------------------------------------------- /.prettierrc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/.prettierrc.json -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /DEVELOPING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/DEVELOPING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/README.md -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/RELEASE.md -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/action.yml -------------------------------------------------------------------------------- /dist/attachReleaseAssets/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/dist/attachReleaseAssets/index.js -------------------------------------------------------------------------------- /dist/downloadSyft/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/dist/downloadSyft/index.js -------------------------------------------------------------------------------- /dist/runSyftAction/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/dist/runSyftAction/index.js -------------------------------------------------------------------------------- /download-syft/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/download-syft/action.yml -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/jest.config.js -------------------------------------------------------------------------------- /jest.env.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/jest.env.js -------------------------------------------------------------------------------- /llms.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/llms.txt -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/package.json -------------------------------------------------------------------------------- /publish-sbom/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/publish-sbom/action.yml -------------------------------------------------------------------------------- /src/Syft.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/Syft.ts -------------------------------------------------------------------------------- /src/SyftVersion.ts: -------------------------------------------------------------------------------- 1 | export const VERSION = "v1.38.0"; 2 | -------------------------------------------------------------------------------- /src/attachReleaseAssets.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/attachReleaseAssets.ts -------------------------------------------------------------------------------- /src/downloadSyft.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/downloadSyft.ts -------------------------------------------------------------------------------- /src/github/Executor.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/github/Executor.ts -------------------------------------------------------------------------------- /src/github/GithubClient.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/github/GithubClient.ts -------------------------------------------------------------------------------- /src/github/SyftDownloader.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/github/SyftDownloader.ts -------------------------------------------------------------------------------- /src/github/SyftGithubAction.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/github/SyftGithubAction.ts -------------------------------------------------------------------------------- /src/github/Util.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/github/Util.ts -------------------------------------------------------------------------------- /src/runSyftAction.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/src/runSyftAction.ts -------------------------------------------------------------------------------- /tests/GithubClient.test.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/GithubClient.test.ts -------------------------------------------------------------------------------- /tests/SyftGithubAction.test.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/SyftGithubAction.test.ts -------------------------------------------------------------------------------- /tests/Util.test.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/Util.test.ts -------------------------------------------------------------------------------- /tests/fixtures/content-merge.fixture.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/content-merge.fixture.json -------------------------------------------------------------------------------- /tests/fixtures/image-alpine-match-coverage/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY . . -------------------------------------------------------------------------------- /tests/fixtures/image-alpine-match-coverage/etc/os-release: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-alpine-match-coverage/etc/os-release -------------------------------------------------------------------------------- /tests/fixtures/image-alpine-match-coverage/lib/apk/db/installed: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-alpine-match-coverage/lib/apk/db/installed -------------------------------------------------------------------------------- /tests/fixtures/image-centos-match-coverage/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY . . -------------------------------------------------------------------------------- /tests/fixtures/image-centos-match-coverage/etc/os-release: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-centos-match-coverage/etc/os-release -------------------------------------------------------------------------------- /tests/fixtures/image-centos-match-coverage/var/lib/rpm/Packages: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-centos-match-coverage/var/lib/rpm/Packages -------------------------------------------------------------------------------- /tests/fixtures/image-centos-match-coverage/var/lib/rpm/generate-fixture.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-centos-match-coverage/var/lib/rpm/generate-fixture.sh -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | COPY . . -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/java/example-java-app-maven-0.1.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/java/example-java-app-maven-0.1.0.jar -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/java/generate-fixtures.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/java/generate-fixtures.md -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/javascript/pkg-json/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/javascript/pkg-json/package.json -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/python/dist-info/METADATA: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/python/dist-info/METADATA -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/python/dist-info/top_level.txt: -------------------------------------------------------------------------------- 1 | pygments -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/ruby/Gemfile.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/ruby/Gemfile.lock -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/ruby/specifications/bundler.gemspec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/ruby/specifications/bundler.gemspec -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/usr/lib/os-release: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/usr/lib/os-release -------------------------------------------------------------------------------- /tests/fixtures/image-debian-match-coverage/var/lib/dpkg/status: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/image-debian-match-coverage/var/lib/dpkg/status -------------------------------------------------------------------------------- /tests/fixtures/localbuild/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.15.0 2 | -------------------------------------------------------------------------------- /tests/fixtures/npm-project/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/npm-project/package-lock.json -------------------------------------------------------------------------------- /tests/fixtures/npm-project/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/npm-project/package.json -------------------------------------------------------------------------------- /tests/fixtures/policy_evaluation.fixture.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/policy_evaluation.fixture.json -------------------------------------------------------------------------------- /tests/fixtures/yarn-project/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/yarn-project/package.json -------------------------------------------------------------------------------- /tests/fixtures/yarn-project/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/fixtures/yarn-project/yarn.lock -------------------------------------------------------------------------------- /tests/integration/GitHubSnapshot.test.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/integration/GitHubSnapshot.test.ts -------------------------------------------------------------------------------- /tests/integration/__snapshots__/GitHubSnapshot.test.ts.snap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/integration/__snapshots__/GitHubSnapshot.test.ts.snap -------------------------------------------------------------------------------- /tests/integration/syft_config.yaml: -------------------------------------------------------------------------------- 1 | format: 2 | pretty: true 3 | -------------------------------------------------------------------------------- /tests/mocks.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tests/mocks.ts -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/anchore/sbom-action/HEAD/tsconfig.json --------------------------------------------------------------------------------