From 3aed5d263bc0b845a5b4c7797ab49a48d8ed66b0 Mon Sep 17 00:00:00 2001 From: Steve-Glass <84886334+Steve-Glass@users.noreply.github.com> Date: Sun, 26 Mar 2023 22:32:41 -0400 Subject: [PATCH] Update security-hardening-for-github-actions.md to include macOS SBOM (#35858) --- .../security-guides/security-hardening-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/security-guides/security-hardening-for-github-actions.md b/content/actions/security-guides/security-hardening-for-github-actions.md index 21dd57579753..274725b86127 100644 --- a/content/actions/security-guides/security-hardening-for-github-actions.md +++ b/content/actions/security-guides/security-hardening-for-github-actions.md @@ -293,7 +293,7 @@ This list describes the recommended approaches for accessing repository data wit You can view a software bill of materials (SBOM) to see what software was pre-installed on the {% data variables.product.prodname_dotcom %}-hosted runner image used during your workflow runs. You can provide your users with the SBOM which they can run through a vulnerability scanner to validate if there are any vulnerabilities in the product. If you are building artifacts, you can include this SBOM in your bill of materials for a comprehensive list of everything that went into creating your software. -SBOMs are available for Windows and Ubuntu runner images. You can locate the SBOM for your build in the release assets at https://github.com/actions/runner-images/releases. An SBOM with a filename in the format of `sbom..json.zip` can be found in the attachments of each release. +SBOMs are available for Ubuntu, Windows, and macOS runner images. You can locate the SBOM for your build in the release assets at https://github.com/actions/runner-images/releases. An SBOM with a filename in the format of `sbom..json.zip` can be found in the attachments of each release. {% endif %}