CycloneDX GoMod Generate SBOM
ActionsTags
(2)GitHub action to generate a CycloneDX SBOM for Go modules.
This action uses cyclonedx-gomod to generate SBOMs.
Required The version of cyclonedx-gomod to use. Can be a version range, in which case the latest version matching the range is chosen.
Must either be an existing semantic version (e.g. v0.8.1, 0.8.1), version range or latest.
⚠ Only versions
>= v0.8.1are supported. Specifying versions below that will cause the workflow to fail.
Using
latestis generally not recommended and will produce a warning, as it may fail your workflow unexpectedly due to breaking changes in newer cyclonedx-gomod versions. As of v0.3.0, version ranges are supported. Instead oflatest, consider using^v0,^v0.8or similar instead.
Include Go standard library as component and dependency of the module. Default false.
Include test dependencies. Default false.
Output in JSON format. Default false.
Path to Go module. Default '.'.
Omit serial number. Default false.
Omit "v" version prefix. Default false.
Output path. Default '-' (stdout).
Make the SBOM reproducible by omitting dynamic content. Default false.
Resolve module licenses. Default false.
Type of the main component. Default 'application'.
- name: Generate SBOM JSON
uses: CycloneDX/[email protected]
with:
json: true
output: bom.json
resolve-licenses: true
version: ^v0
- name: Generate SBOM XML
uses: CycloneDX/[email protected]
with:
output: bom.xml
resolve-licenses: true
version: latest
CycloneDX GoMod Generate SBOM is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Tags
(2)CycloneDX GoMod Generate SBOM is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.