StepSecurity Logo
LoginStart free
actions/attest-sbom

actions/attest-sbom

Action for generating SBOM attestations for workflow artifacts

GitHubGitHub Repository

27 stars

Composite

Updated 7 days ago

GitHub Actions security score

actions/attest-sbom

Score

7/10

License

MIT License

Maintained

12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10

Vulnerabilities

4 existing vulnerabilities detected

Branch protection

branch protection is not maximal on development and all release branches

Manual code review

-

Secure publishing

-

Signed commits

-

Automated security tools

-

Popular

Used by 102 open-source projects

Security Policy

security policy file detected

Networking Behavior of actions/attest-sbom

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.

Popular DestinationUnknown Destination
Network DestinationOwner
fulcio.sigstore.devSigstoreSigstore
rekor.sigstore.devSigstoreSigstore
api.github.comGitHubGitHub
auth.docker.ioDockerHubDockerHub
index.docker.ioDockerHubDockerHub
production.cloudflare.docker.comDockerHubDockerHub
quay.ioUnknown
ghcr.ioGitHubGitHub
registry-1.docker.ioDockerHubDockerHub
github.comGitHubGitHub
docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.comDockerHubDockerHub