Generate SBOM
Syft SBOM Generator - Reusable Workflow
THIN WRAPPER: This workflow delegates to the scanner-syft composite action. All SBOM generation logic is in: .github/actions/scanner-syft/action.yml
For GHES users: Use the composite action directly instead of this workflow. See: examples/github-enterprise/container-scanning.yml
uses: huntridge-labs/argus/.github/workflows/scanner-syft.yml@0.6.7
Triggers
- Manual dispatch
- Reusable (called by other workflows)
Permissions
| Scope | Access |
|---|---|
| contents | read |
| security-events | write |
| actions | read |
| pull-requests | write |
| packages | read |
Inputs
| Input | Description | Required | Default |
|---|---|---|---|
| enable_code_security | Whether GitHub Code Security is enabled for this repository (boolean) | No | False |
| scan_path | Directory or file path to scan (string) | No | . |
| scan_image | Container image to scan (e.g., nginx:latest, ghcr.io/owner/image:tag) (string) | No | - |
| registry_username | Username for registry authentication (leave empty for public images) (string) | No | - |
| output_format | SBOM output format: cyclonedx-json, spdx-json, syft-json, or table (string) | No | cyclonedx-json |
Secrets
| Secret | Description | Required |
|---|---|---|
| registry_password | Password/token for registry authentication | No |
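
A caller workflow built from the inputs, secret and permissions documented above, as an added example that is not part of the argus project's own documentation. The file name, the triggers, and the use of GHCR with GITHUB_TOKEN for registry authentication are assumptions.

```yaml
# .github/workflows/sbom.yml (hypothetical file name; added example)
name: SBOM

on:
  push:
    branches: [main]
  workflow_dispatch:

# Deny by default at workflow level; grant scopes only on the calling job.
permissions: {}

jobs:
  sbom:
    # Tag reference as given on this page. A full commit SHA is a stronger pin
    # (the called workflow pins actions/checkout that way); the SHA for 0.6.7
    # is not listed on this page, so it is not shown here.
    uses: huntridge-labs/argus/.github/workflows/scanner-syft.yml@0.6.7
    # A called workflow cannot receive more than the caller grants, so the
    # calling job grants exactly the scopes from the Permissions table.
    permissions:
      contents: read
      security-events: write
      actions: read
      pull-requests: write
      packages: read
    with:
      # Set to match the repository's actual Code Security status.
      enable_code_security: true
      # Placeholder image reference taken from the input description.
      scan_image: ghcr.io/owner/image:tag
      # Assumption: the image is hosted in GHCR under this repository's owner.
      registry_username: ${{ github.actor }}
      output_format: cyclonedx-json
    secrets:
      # Assumption: GITHUB_TOKEN with packages: read is enough to pull the image.
      # Pass only the one secret the workflow declares instead of `secrets: inherit`.
      registry_password: ${{ secrets.GITHUB_TOKEN }}
```

Because the generate-sbom job runs with continue on error, a failed SBOM generation does not fail the calling workflow; check the job's own result if the SBOM is a release requirement.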
Jobs
generate-sbom - Generate SBOM
Runs on: ubuntu-latest · Timeout: 15 minutes · Continue on error: Yes
Steps:
- Checkout repository: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- Run Syft SBOM Generator: huntridge-labs/argus/.github/actions/scanner-syft@0.6.7
Actions used:
- scanner-syft - Syft SBOM Generator
All Composite Actions Referenced
- scanner-syft - Syft SBOM Generator