Skip to content
Create SBOM

Update python-package.yml #21

Sign in to view logs

Update python-package.yml

Update python-package.yml #21

Workflow file for this run

.github/workflows/python-package.yml at 0659846
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Create SBOM
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
jobs:
create_sbom:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v3
with:
python-version: 3.11
- name: Install dependencies
run: |
sudo apt-get install jq
python -m pip install --upgrade pip
pip install owasp-depscan
pip install sbomgen
- name: Generate SBOM
run: |
sbomgen -p ${{ github.workspace }}/ -f json
# jq . ${{ github.workspace }}/sbom.json
depscan --bom ${{ github.workspace }}/sbom.json -o ${{ github.workspace }}/vulRep.html
- name: Upload SBOM
uses: actions/upload-artifact@v2
with:
name: sbom-${{ github.run_id }}-${{ github.run_number }}.json
path: ${{ github.workspace }}/sbom.json
- name: Upload vdr
uses: actions/upload-artifact@v2
with:
name: vulRep-${{ github.run_id }}-${{ github.run_number }}.vdr.json
path: ${{ github.workspace }}/sbom.vdr.json
- name: Upload html
uses: actions/upload-artifact@v2
with:
name: vulRep-${{ github.run_id }}-${{ github.run_number }}.html
path: ${{ github.workspace }}/vulRep.html
- name: Read HTML file
id: read-html
run: |
HTML_BODY=$(cat ${{ github.workspace }}/vulRep.html)
echo "::set-output name=html_body::$HTML_BODY"
- name: Mail Reports
uses: dawidd6/action-send-mail@v3
with:
server_address: smtp.gmail.com
server_port: 587
username: ${{ secrets.GMAIL_USERNAME }}
password: ${{ secrets.GMAIL_PASSWORD }}
to: [email protected], [email protected]
from: [email protected]
subject: "Latest security reports"
html_body: |
"${{ steps.read-html.outputs.html_body }}"
attachments: ${{ github.workspace }}/sbom.json, ${{ github.workspace }}/sbom.vdr.json, ${{ github.workspace }}/vulRep.html