diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index d9c9d61..2316518 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -19,6 +19,15 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ scan-type: 'fs'
+ format: 'github'
+ output: 'dependency-results.sbom.json'
+ image-ref: '.'
+ github-pat: ${{ secrets.GITHUB_TOKEN }}
+ - name: Attempt Build
 run: docker build . --file Dockerfile -t $IMAGE_NAME
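Review bot: The added Trivy step passes `secrets.GITHUB_TOKEN` to a third-party action referenced by the mutable tag `0.20.0`, so anyone able to move that tag controls code that runs with the token; pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.20.0`. Submitting to the Dependency Graph requires `contents: write` on that token, and the job header with any `permissions:` block lies outside this hunk, so confirm the grant is declared at job level rather than relying on the repository default. Because the same job then runs `docker build` on the checked-out tree, consider moving the scan into its own job so the write-capable token is scoped to the submission only. On pull requests from forks the token is presumably read-only and the submission would fail, so a guard such as `if: github.event_name == 'push'` on the step is worth adding.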