Upload SBOM data to a Dependency-Track instance

This policy uploads SBOM data generated by workflows to a Dependency-Track instance.

Configuration

  • type - dependency_track_upload

Settings

| Setting | Necessity | Value type | Description |
|---|---|---|---|
| artifact_name | mandatory | string | The artifact to look for in workflow runs that contains SBOM data |
| workflow_filter | mandatory | string | Only consider workflow runs that reference the specified workflows |

Example

name: Upload sbom data to sbom.eclipse.org
description: |-
  This policy uploads generated sbom data to sbom.eclipse.org.
type: dependency_track_upload
config:
  artifact_name: "eclipse-sbom-data"
  workflow_filter: ".*/store-sbom-data.yml.*"
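
An added example, not part of this documentation or the project's code: a check of which workflow references a `workflow_filter` value accepts, comparing the pattern from the example above with a hypothetical tightened one. It assumes the filter is a Python regular expression applied to references of the form `owner/repo/path@ref`; `STRICT_FILTER`, `example-org` and all sample references are constructed.

```python
import re

# workflow_filter value taken from the example policy on this page.
PAGE_FILTER = r".*/store-sbom-data.yml.*"
# Hypothetical tightened value: fixed repository, literal dot, fixed ref.
STRICT_FILTER = (
    r"example-org/workflows/\.github/workflows/"
    r"store-sbom-data\.yml@refs/heads/main"
)

# Constructed workflow references (assumed form: owner/repo/path@ref).
INTENDED = [
    "example-org/workflows/.github/workflows/store-sbom-data.yml@refs/heads/main",
]
SAMPLE_REFS = INTENDED + [
    "example-org/workflows/.github/workflows/store-sbom-data.yml@refs/pull/7/merge",
    "example-org/project-a/.github/workflows/store-sbom-data-yml-test.yaml@refs/heads/main",
    "other-org/fork/.github/workflows/store-sbom-data.yml@refs/heads/main",
    "example-org/project-a/.github/workflows/build.yml@refs/heads/main",
]


def accepted(pattern: str, refs: list[str]) -> list[str]:
    """References the filter accepts (assumption: whole-string regex match)."""
    rx = re.compile(pattern)
    return [ref for ref in refs if rx.fullmatch(ref)]


def unexpected(pattern: str, refs: list[str], intended: list[str]) -> list[str]:
    """Accepted references that are not in the intended set."""
    return [ref for ref in accepted(pattern, refs) if ref not in intended]


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_FILTER), ("strict", STRICT_FILTER)):
        print(f"{name}: {pattern}")
        for ref in unexpected(pattern, SAMPLE_REFS, INTENDED):
            print(f"  also accepts: {ref}")
```

The pattern from the page starts and ends with `.*`, so it gives the same result under `re.match`, `re.search` and `re.fullmatch`; only the tightened pattern depends on the whole-string assumption.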