From d46b61de3eef090f928cb021cb58e5592a2da1e3 Mon Sep 17 00:00:00 2001
From: EdgeBit
Date: Tue, 7 Nov 2023 20:06:43 +0000
Subject: [PATCH] [EdgeBit] Create an SBOM for Vulnerability Scanning
---
 .github/edgebit/source-syft.yaml | 27 +++++++++++++++++++++++++++
 .github/workflows/sbom.yaml | 31 +++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 .github/edgebit/source-syft.yaml
 create mode 100644 .github/workflows/sbom.yaml
diff --git a/.github/edgebit/source-syft.yaml b/.github/edgebit/source-syft.yaml
new file mode 100644
index 0000000..ab2848f
--- /dev/null
+++ b/.github/edgebit/source-syft.yaml
@@ -0,0 +1,27 @@
+output: syft
+
+check-for-app-update: false
+
+catalogers:
+ - binary
+ - cocoapods
+ - conan
+ - dartlang-lock
+ - dotnet-deps
+ - elixir-mix-lock
+ - erlang-rebar-lock
+ - go-mod-file
+ - go-module-binary
+ - graalvm-native-image
+ - haskell
+ - java
+ - java-gradle-lockfile
+ - java-pom
+ - javascript-lock
+ - php-composer-lock
+ - python-index
+ - python-package
+ - ruby-gemfile
+ - rust-cargo-lock
+ - sbom
+ - swift-package-manager
\ No newline at end of file
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 0000000..62a7910
--- /dev/null
+++ b/.github/workflows/sbom.yaml
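Review bot: The `catalogers:` list in source-syft.yaml is an explicit override with no comment recording why Syft's default selection was not used, and the file ends without a trailing newline (the hunk's `\ No newline at end of file`). Listing catalogers explicitly replaces Syft's default set; I believe that is why binary-oriented entries such as `binary` and `go-module-binary` sit alongside the lock-file catalogers for a directory scan, but that intent is not written down, and any ecosystem Syft adds in a later release will be silently excluded from the SBOM. A header comment along the lines of `# Explicit cataloger list: overrides Syft's default set for directory scans; re-check when bumping the Syft version.` would make both points clear to the next editor. Adding the final newline keeps yamllint and most formatters quiet.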
@@ -0,0 +1,31 @@
+name: Generate an SBOM from source code
+
+on:
+ pull_request:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ generate-sbom:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Download Syft
+ id: syft
+ uses: anchore/sbom-action/download-syft@v0.14.2
+
+ - name: Generate SBOM from source code
+ run: "${{ steps.syft.outputs.cmd }} --config .github/edgebit/source-syft.yaml --file /tmp/sbom.syft.json ."
+
+ - name: Upload SBOM to EdgeBit
+ uses: edgebitio/edgebit-build@v1
+ with:
+ edgebit-url: "https://edgebit.edgebit.io"
+ token: ${{ secrets.EDGEBIT_TOKEN }}
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ sbom-file: /tmp/sbom.syft.json
+ component: "edgebitio-sbom-server"
+ tags: ${{ github.ref == 'refs/heads/main' && 'latest' || '' }}
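Review bot: All three actions are pinned to mutable tags — `actions/checkout@v3`, `anchore/sbom-action/download-syft@v0.14.2`, `edgebitio/edgebit-build@v1` — while the last step hands `secrets.EDGEBIT_TOKEN` and `secrets.GITHUB_TOKEN` to one of them, so a tag moved upstream would run unreviewed code with those credentials; for a workflow whose purpose is supply-chain visibility, pin each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: edgebitio/edgebit-build@<full-commit-sha>  # v1`. The job also declares no `permissions:` block, so `GITHUB_TOKEN` inherits the repository default scope, which may be read/write; add `permissions:` with `contents: read` plus only what edgebit-build actually needs (presumably `pull-requests: write` if it comments on PRs — confirm against the action's documentation). Because the workflow also triggers on `pull_request`, runs for pull requests from forks receive empty secrets and the upload step will fail there; either gate that step with `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository` or accept the failure deliberately and say so in a comment. Finally, `run:` interpolates `${{ steps.syft.outputs.cmd }}` straight into the shell; that is an action output rather than user-controlled input, so the risk is low, but passing it through an `env:` variable first is the usual defensive form for expression values in `run:`.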