/cdxgen-action

GitHub action for CycloneDX BOM generator (cdxgen). cdxgen produced bom xml file can be uploaded to dependency track, AppThreat and other commercial Software Composition Analysis (SCA) products

Primary LanguageJavaScriptMIT LicenseMIT

Introduction

This GitHub action wraps the cdxgen tool for generating Software Bill-of-Materials (BOM) for supported projects. Optionally, the generated file can be exported to dependency track or AppThreat server for further oss analysis.

Usage

Simple usage, just print the xml to the console

uses: AppThreat/cdxgen-action@v1

Specifiy parameters for automatic submission to a dependency track or AppThreat server

- uses: AppThreat/cdxgen-action@v1
  with:
    output: "./reports/bom.xml"
    serverUrl: "https://deptrack.appthreat.io"
    apiKey: ${{ secrets.apiKey }}

Submit to server as well as store artefacts

- uses: AppThreat/cdxgen-action@v1
  with:
    output: "./reports/bom.xml"
    serverUrl: "https://deptrack.appthreat.io"
    apiKey: ${{ secrets.apiKey }}

- uses: actions/upload-artifact@v1
  with:
    name: reports
    path: reports