Add SBOM generation and scanning workflow #153

Merged (5 commits) on Feb 28, 2024

nfelt14 (Collaborator) commented Feb 28, 2024

Proposed changes

This PR adds a workflow that will generate an SBOM and perform a scan of that SBOM.

Types of changes

What types of changes does your code introduce?
Put an x in the boxes that apply

  • CI/CD update (an update to the CI/CD workflows, scripts, and/or configurations)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have followed the guidelines in the CONTRIBUTING document
  • I have signed the CLA
  • I have checked to ensure there aren't other open Pull Requests for the same update/change
  • I have performed a self-review of my code
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • Basic linting passes locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have added necessary documentation (if appropriate)
  • I have updated the Changelog with a brief description of my changes

nfelt14 requested a review from a team as a code owner February 28, 2024 18:02
tek-githubbot-1010 requested a review from a team February 28, 2024 18:02

codecov bot commented Feb 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (c283006) to head (d838262).

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #153   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          170       170           
  Lines         3793      3793           
  Branches       648       648           
=========================================
  Hits          3793      3793           


nfelt14 enabled auto-merge (squash) February 28, 2024 18:06
nfelt14 merged commit 4a9875e into tektronix:main Feb 28, 2024
38 checks passed
v12ganesh pushed a commit to v12ganesh/tm_devices that referenced this pull request Mar 28, 2024
* ci: Add a workflow that can perform an SBOM generation and scan.

* ci: Update conditional check in SARIF upload step.

* ci: Create a lockfile so that syft can read the dependencies.
Signed-off-by: v12ganesh [email protected]