Generate a software bill of materials

Generate a software bill of materials (SBOM) from a container image or filesystem artifact using the cloudbees-io/syft-sbom-plugin action, powered by the Anchore Syft scanner. CloudBees Unify registers the SBOM as an artifact alongside the binary for dependency visibility and supply chain traceability.

The binary artifact must be in TAR format before invoking this action.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details

| Input name | Data type | Required? | Description |
|---|---|---|---|
| binary-tar-path | String | Yes | The path of the binary to be scanned. The binary file must be in the TAR format. |

Usage example

In your YAML file, add:

```yaml
- name: Generate an SBOM with Syft
  uses: cloudbees-io/syft-sbom-plugin@v1
  with:
    binary-tar-path: /path/to/binary.tar
```
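
Because the action requires its input to be a TAR file, a pipeline can fail fast on a bad artifact before the SBOM step runs. The shell check below is an added example, not code from CloudBees or the plugin; the function name `preflight_sbom_input` is hypothetical, and it assumes "TAR format" means an uncompressed tarball.

```shell
#!/bin/sh
# Added example: pre-flight check for the file passed as binary-tar-path.
# preflight_sbom_input is a hypothetical helper, not part of the plugin.
# In a pipeline step: preflight_sbom_input /path/to/binary.tar || exit 1

preflight_sbom_input() {
  f=$1

  # A missing or zero-byte artifact means an earlier build step failed.
  if [ ! -f "$f" ] || [ ! -s "$f" ]; then
    echo "missing or empty: $f" >&2
    return 1
  fi

  # ustar, pax and GNU tar headers carry "ustar" at byte offset 257.
  # A gzip-compressed tarball or a bare binary does not.
  magic=$(dd if="$f" bs=1 skip=257 count=5 2>/dev/null)
  if [ "$magic" != "ustar" ]; then
    echo "no TAR header found (compressed or not a tarball?): $f" >&2
    return 1
  fi

  # The member list must be readable; a corrupt header fails here.
  if ! tar -tf "$f" >/dev/null 2>&1; then
    echo "TAR cannot be listed: $f" >&2
    return 1
  fi

  # Heuristic on layout only: manifest.json (docker save) or oci-layout
  # (OCI image layout) at the archive root marks an image archive;
  # anything else is treated as a plain file tree.
  if tar -tf "$f" | grep -Eq '^(\./)?(manifest\.json|oci-layout)$'; then
    echo "image-archive"
  else
    echo "filesystem"
  fi
}
```

The printed kind tells you whether the resulting SBOM should describe image layers or a plain file tree, which is worth confirming against the SBOM that gets registered.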