Commit

Update security-hardening-for-github-actions.md to include macOS SBOM…
… (#35858)
Steve-Glass authored Mar 27, 2023
1 parent be0b5f6 commit 3aed5d2
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -293,7 +293,7 @@ This list describes the recommended approaches for accessing repository data wit

You can view a software bill of materials (SBOM) to see what software was pre-installed on the {% data variables.product.prodname_dotcom %}-hosted runner image used during your workflow runs. You can provide your users with the SBOM which they can run through a vulnerability scanner to validate if there are any vulnerabilities in the product. If you are building artifacts, you can include this SBOM in your bill of materials for a comprehensive list of everything that went into creating your software.

SBOMs are available for Windows and Ubuntu runner images. You can locate the SBOM for your build in the release assets at https://github.com/actions/runner-images/releases. An SBOM with a filename in the format of `sbom.<IMAGE-NAME>.json.zip` can be found in the attachments of each release.
SBOMs are available for Ubuntu, Windows, and macOS runner images. You can locate the SBOM for your build in the release assets at https://github.com/actions/runner-images/releases. An SBOM with a filename in the format of `sbom.<IMAGE-NAME>.json.zip` can be found in the attachments of each release.

{% endif %}
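
Review bot: The added line says "You can locate the SBOM for your build" but does not tell the reader how to pick the right release, so on the `+` line it would help to state that the release must match the runner image and image version used by the workflow run, since an SBOM from a different image version will not describe what was actually pre-installed. Two smaller style points on the same line: "release assets" and "attachments of each release" say the same thing in consecutive sentences and could be merged into one sentence that gives the `sbom.<IMAGE-NAME>.json.zip` filename format, and the bare URL could be written as a named link. The platform reorder to "Ubuntu, Windows, and macOS" is fine.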
