BOMnipotent GitHub Actions
Integrate BOMnipotent into your CI/CD pipeline.
From the very beginning, BOMnipotent has been built with automation in mind. Who would want to upload a BOM for every release by hand, and who can ensure that every BOM is scanned for vulnerabilities each day?
To make the integration of BOMnipotent into your CI/CD pipeline as easy and seamless as possible, Weichwerke Heidrich Software has now released ready-to-use GitHub Actions.
- Use the setup action to make BOMnipotent Client available in your workflow environment.
- Then use the upload BOM action during every release to publish the accompanying Bill of Materials.
- Lastly, run the vulnerability action within a job that is triggered daily, to check every BOM for new vulnerabilities.
Your pipeline isn’t running on GitHub? Fret not! The actions are intentionally based on bash scripts, which you can incorporate directly into your own ecosystem.
You will find more details in the BOMnipotent documentation as well as on the respective GitHub pages.