You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been exploring using the anchore/sbom-action but have a scenario that would require exposing this input.
When using the action with a GitHub matrix to generate SBOMs for multiple images for submitting to the GitHub dependency API, the correlator is getting set to ${workflow}_${job}. I can't see a way to make this different between matrix runs so it is set to the same value for both. GitHub docs seem to suggest the following:
If you're using a build matrix, then you'll also need to add additional key(s) to distinguish between each submission inside a matrix variation.
I've been exploring using the
anchore/sbom-actionbut have a scenario that would require exposing this input.When using the action with a GitHub matrix to generate SBOMs for multiple images for submitting to the GitHub dependency API, the
correlatoris getting set to${workflow}_${job}. I can't see a way to make this different between matrix runs so it is set to the same value for both. GitHub docs seem to suggest the following:It appears the code already supports an input of
dependency-snapshot-correlator: https://github.com/anchore/sbom-action/blob/main/src/github/SyftGithubAction.ts#L422Is it possible to expose this as an input to the action?
The text was updated successfully, but these errors were encountered: