From 2ff423c56e0bf3eedd13fdf91ae1e630dc928c14 Mon Sep 17 00:00:00 2001 From: Hugh Nimmo-Smith Date: Wed, 22 Jan 2025 10:58:29 +0000 Subject: [PATCH] Add SBOM attestations to docker images (#61) --- .github/workflows/docker.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 7bc0072..ab19af9 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -53,6 +53,8 @@ jobs: context: . platforms: linux/amd64,linux/arm64 push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} # only push on main branch or release tag + provenance: mode=max + sbom: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: |