From 4f1222d0d829e3d86e68a7b5b84155e3a962a1f3 Mon Sep 17 00:00:00 2001
From: Jason Kulatunga <jason@thesparktree.com>
Date: Tue, 17 Oct 2023 06:25:07 -0700
Subject: [PATCH] adding SBOM support

https://depot.dev/blog/build-with-sboms
---
 .github/workflows/docker.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 4c786e5f..c3cee157 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -72,3 +72,15 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             FASTEN_ENV=${{ matrix.flavor == 'sandbox' && 'sandbox' || 'prod' }}
+          sbom: true
+          sbom-dir: ./sbom-output
+      - name: upload SBOM directory as a build artifact
+        uses: actions/upload-artifact@v3.1.0
+        with:
+          path: ./sbom-output
+          name: 'SBOM'
+
+      - name: upload spdx dependency
+        uses: advanced-security/spdx-dependency-submission-action@v0.0.1
+        with:
+          filePath: ./sbom-output/