Container Dependency Submitter

This repository contains a reusable workflow to scan a container image and submit its dependencies to the GitHub Dependency Graph.

Features

📦 Generates SBOM using anchore/sbom-action (Syft)
🚀 Submits to GitHub using scalabrino/sbom-dependency-submission-action
📊 Populates Dependency Graph in the "Insights" tab of your repository

Usage

Reusable Workflow

jobs:
  submit-deps:
    uses: YOUR-ORG/container-dependency-submitter/.github/workflows/submit-dependencies.yml@main
    with:
      image: 'my-image:latest'

Permissions

The calling workflow must have contents: write permission to submit to the Dependency Graph.

permissions:
  contents: write

How it works

Generate SBOM: The workflow uses Syft to generate an SBOM in SPDX JSON format from the specified container image.
Submit: The SBOM is processed and submitted to the GitHub Dependency Submission API.
View: Dependencies appear in the repository's "Insights" -> "Dependency graph" view.

Inputs

Input	Description	Required	Default
`image`	The container image to analyze	Yes	-
`token`	GitHub token	No	`github.token`

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Container Dependency Submitter

Features

Usage

Reusable Workflow

Permissions

How it works

Inputs

License

About

Uh oh!

Releases

Packages

Uh oh!

AustonIvison/container-dependency-submitter

Folders and files

Latest commit

History

Repository files navigation

Container Dependency Submitter

Features

Usage

Reusable Workflow

Permissions

How it works

Inputs

License

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Packages