Opinionated GitHub Action for generating high-quality SBOMs
Summary
The sbomify GitHub Action automates SBOM generation, augmentation, and attestation in CI/CD, supporting the CycloneDX and SPDX formats. It can generate SBOMs from lockfiles or Docker images and enrich SBOM data from registries, and it provides audit trails, VCS auto-detection, and multi-destination uploads to sbomify or other platforms.