CycloneDX GoMod Generate SBOM
ActionsTags
(2)GitHub action to generate a CycloneDX SBOM for Go modules.
This action uses cyclonedx-gomod to generate SBOMs.
Required The version of cyclonedx-gomod to use.
Must either be an existing semantic version (e.g. v0.8.1, 0.8.1) or latest.
⚠ Only versions
>= v0.8.1are supported. Specifying versions below that will cause the workflow to fail.
Using
latestis generally not recommended and will produce a warning, as it may fail your workflow unexpectedly due to breaking changes in newer cyclonedx-gomod versions.
Include Go standard library as component and dependency of the module. Default false.
Include test dependencies. Default false.
Output in JSON format. Default false.
Path to Go module. Default '.'.
Omit serial number. Default false.
Omit "v" version prefix. Default false.
Output path. Default '-' (stdout).
Make the SBOM reproducible by omitting dynamic content. Default false.
Resolve module licenses. Default false.
Type of the main component. Default 'application'.
- name: Generate SBOM JSON
uses: CycloneDX/gh-gomod-generate-sbom@main
with:
json: true
output: bom.json
resolve-licenses: true
version: v0.8.1
- name: Generate SBOM XML
uses: CycloneDX/gh-gomod-generate-sbom@main
with:
output: bom.xml
resolve-licenses: true
version: latest
CycloneDX GoMod Generate SBOM is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Tags
(2)CycloneDX GoMod Generate SBOM is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.