Project Ideas: Create GitHub SBOM action
Philippe Ombredanne edited this page Mar 10, 2022
This project is to create a GitHub Action that runs a ScanCode scan of a repository and optionally also produces SPDX and CycloneDX outputs. The action should:
- scan with ScanCode toolkit
- store the scan results as JSON, and also store CycloneDX and SPDX documents
- establish "failure" conditions for the workflow run, based on things such as:
  - a run of DeltaCode against a previous scan, failing on specific changes
  - a "policy" violation where specific licenses are found
  - other similar conditions based on the presence or absence of certain packages, emails, URLs or copyrights
- design a way to mark failure conditions or policy violations as accepted exceptions, so that a known and reviewed finding does not keep failing the build
This is a medium to large size project idea.
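As an added illustration of the policy gate and exception mechanism described above (example code written for this page, not part of ScanCode toolkit or any existing action), the script below reads a scan in JSON, flags files whose license expression contains a denied license key or that contain an e-mail address, then drops any hit covered by an accepted exception and returns a non-zero exit status only for what remains. The scan document, the policy dictionary and the exception list are all constructed here for illustration: the per-file fields `path`, `license_expressions` and `emails` are modelled on the ScanCode JSON output, but the policy and exception formats are assumptions of this example, and a real action would load them from files in the repository and feed in the scan the action just produced.

```python
"""Policy gate over a ScanCode-style JSON scan.

Fail on denied licenses or leaked e-mail addresses unless an exception
has been accepted for that file and rule. Added example for this page,
not ScanCode toolkit's own code; the input and formats are constructed.
"""
import json
import sys
from fnmatch import fnmatch

# Constructed scan document (an assumption for illustration, not a real
# scan), using per-file fields shaped like ScanCode's JSON output.
SAMPLE_SCAN_JSON = json.dumps({
    "files": [
        {"path": "src/main.c", "license_expressions": ["mit"], "emails": []},
        {"path": "vendor/blob.c", "license_expressions": ["gpl-3.0"], "emails": []},
        {"path": "src/contact.py", "license_expressions": ["mit"],
         "emails": [{"email": "dev@example.com"}]},
        {"path": "third_party/lib.c", "license_expressions": ["gpl-3.0 OR mit"],
         "emails": []},
    ]
})

# Hypothetical policy and accepted-exception formats (assumptions of this
# example). An exception names the rule it waives, a path glob, and why.
POLICY = {"denied_licenses": ["gpl-3.0", "agpl-3.0"], "forbid_emails": True}
EXCEPTIONS = [
    {"path": "third_party/*", "rule": "denied-license",
     "reason": "dual-licensed; the MIT option is used"},
]


def license_keys(expression):
    """Split a license expression such as 'gpl-3.0 OR mit' into its
    license keys, dropping the AND/OR/WITH operators and parentheses."""
    keys = set()
    for token in expression.replace("(", " ").replace(")", " ").split():
        if token.upper() in ("AND", "OR", "WITH"):
            continue
        keys.add(token.lower())
    return keys


def find_violations(scan, policy):
    """Return one (rule, path, detail) tuple per policy hit, in file order."""
    denied = set(policy.get("denied_licenses", []))
    hits = []
    for entry in scan.get("files", []):
        path = entry.get("path", "")
        for expression in entry.get("license_expressions", []):
            for key in sorted(license_keys(expression) & denied):
                hits.append(("denied-license", path, key))
        if policy.get("forbid_emails"):
            for found in entry.get("emails", []):
                hits.append(("email-present", path, found["email"]))
    return hits


def is_accepted(hit, exceptions):
    """True when an accepted exception covers this hit's rule and path."""
    rule, path, _ = hit
    return any(exc["rule"] == rule and fnmatch(path, exc["path"])
               for exc in exceptions)


def evaluate(scan_json, policy, exceptions):
    """Split all hits into those that still fail and those accepted."""
    hits = find_violations(json.loads(scan_json), policy)
    failing = [h for h in hits if not is_accepted(h, exceptions)]
    accepted = [h for h in hits if is_accepted(h, exceptions)]
    return failing, accepted


def main():
    failing, accepted = evaluate(SAMPLE_SCAN_JSON, POLICY, EXCEPTIONS)
    for rule, path, detail in accepted:
        print(f"accepted  {rule:15} {path}: {detail}")
    for rule, path, detail in failing:
        print(f"VIOLATION {rule:15} {path}: {detail}")
    # A non-zero exit status is what makes the GitHub Actions step fail.
    return 1 if failing else 0


if __name__ == "__main__":
    sys.exit(main())
```

Exceptions are matched on both the rule and a path glob rather than on the path alone, so that accepting a license finding in `third_party/` does not silently also accept an e-mail leak in the same directory; the `reason` field is what a reviewer would look at when the exception list is itself changed in a pull request.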