Syft SBOM Generator
Generate Software Bill of Materials (SBOM) using Syft
uses: huntridge-labs/argus/.github/actions/scanner-syft@0.6.7
| Input | Description | Required | Default |
|---|---|---|---|
| scan_path | Directory or file path to scan for SBOM generation | No | . |
| scan_image | Container image to scan (e.g., nginx:latest, ghcr.io/owner/image:tag). If provided, takes precedence over scan_path. | No | — |
| output_format | SBOM output format: cyclonedx-json, spdx-json, syft-json, or table | No | cyclonedx-json |
| registry_username | Username for container registry authentication (for image scanning) | No | — |
| registry_password | Password/token for container registry authentication | No | — |
| post_pr_comment | Whether to post PR comments | No | true |
| enable_code_security | Upload SBOM to GitHub Dependency Graph (requires contents: write permission) | No | false |
| artifact_name_suffix | Suffix for artifact naming (useful for matrix builds) | No | — |
Outputs
| Output | Description |
|---|---|
| sbom_file | Path to the generated SBOM file |
| component_count | Number of components/packages found |
| scan_target | What was scanned (path or image reference) |
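
A workflow that exercises the inputs and outputs above, as an added example rather than one taken from the action's own documentation: it scans two container images in a matrix, uploads each SBOM to the Dependency Graph, and fails the job if an SBOM comes back empty. The workflow and job names, the image references, the step id, and the `packages: read` permission are assumptions.

```yaml
# Added example workflow. Names marked "assumed" or "constructed" are not from the page.
name: sbom                      # assumed workflow name
on:
  push:
    branches: [main]

permissions:
  contents: write               # required by enable_code_security, per the inputs table
  packages: read                # assumed: lets GITHUB_TOKEN pull private images from ghcr.io

jobs:
  sbom:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        image:                  # constructed image references
          - name: api
            ref: ghcr.io/example-org/api:1.4.2
          - name: worker
            ref: ghcr.io/example-org/worker:1.4.2
    steps:
      - name: Generate SBOM
        id: sbom                # assumed step id, used to read the outputs below
        uses: huntridge-labs/argus/.github/actions/scanner-syft@0.6.7
        with:
          scan_image: ${{ matrix.image.ref }}             # takes precedence over scan_path
          output_format: spdx-json
          registry_username: ${{ github.actor }}
          registry_password: ${{ secrets.GITHUB_TOKEN }}  # always from secrets, never a literal
          post_pr_comment: false                          # push trigger, so there is no PR to comment on
          enable_code_security: true
          artifact_name_suffix: ${{ matrix.image.name }}  # keeps the matrix legs' artifacts distinct

      - name: Fail on empty SBOM
        # Outputs are passed through env rather than interpolated into the
        # script, so their contents are never parsed as shell code.
        env:
          COUNT: ${{ steps.sbom.outputs.component_count }}
          TARGET: ${{ steps.sbom.outputs.scan_target }}
          SBOM: ${{ steps.sbom.outputs.sbom_file }}
        run: |
          echo "Scanned $TARGET -> $SBOM ($COUNT components)"
          test "$COUNT" -gt 0
```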