CycloneDX/gh-gomod-generate-sbom

gh-gomod-generate-sbom

GitHub action to generate a CycloneDX SBOM for Go modules.

This action uses cyclonedx-gomod to generate SBOMs.

Inputs

version

Required. The version of cyclonedx-gomod to use.
Can be a version range, in which case the latest version matching the range is chosen.
Minimum allowed version is v1.0.0. Must either be an existing semantic version (e.g. v1.0.0, 1.0.0) or a version range.

args

Optional. Arguments to pass to cyclonedx-gomod.
Please refer to the cyclonedx-gomod documentation for usage instructions.
When not set, cyclonedx-gomod will only be downloaded, but not executed.
It'll be made available via $PATH and can be used by later steps of the workflow.

Example usage

# Download and invoke cyclonedx-gomod in a single step
- name: Generate SBOM
  uses: CycloneDX/gh-gomod-generate-sbom@v2
  with:
    version: v1
    args: mod -licenses -json -output bom.json

# Just download cyclonedx-gomod and call it in a later step
- name: Download cyclonedx-gomod
  uses: CycloneDX/gh-gomod-generate-sbom@v2
  with:
    version: v1
- name: Generate SBOM
  run: cyclonedx-gomod app -licenses -output bom.xml -main cmd/acme-app
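
A complete workflow built around the first snippet above, as an added example that is not part of the action's own documentation. The workflow, job and step names, the trigger, the `actions/checkout`, `actions/setup-go` and `actions/upload-artifact` steps, and the `jq` check are assumptions; the check also assumes the module has at least one dependency.

```yaml
# Added example workflow (not from the action's README).
name: sbom
on:
  push:
    branches: [main]

permissions:
  contents: read   # the job only needs to read the repository

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # cyclonedx-gomod works on Go modules, so a Go toolchain is set up first.
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Generate SBOM
        uses: CycloneDX/gh-gomod-generate-sbom@v2
        with:
          # "v1" is not a full semantic version, so it acts as a range and the
          # latest matching release is chosen on each run. An exact version
          # (e.g. v1.0.0) keeps the tool fixed between runs.
          version: v1
          args: mod -licenses -json -output bom.json

      # Fail the job if the output is not CycloneDX JSON or lists no components,
      # so an empty or malformed SBOM is never published.
      - name: Check SBOM
        run: |
          jq -e '.bomFormat == "CycloneDX" and ((.components // []) | length > 0)' bom.json

      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: bom.json
          if-no-files-found: error
```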