
[EdgeBit] Create an SBOM for Vulnerability Scanning #18

Merged
merged 1 commit into from
Nov 7, 2023

Conversation

edgebit-security[bot]

This PR enables vulnerability scanning by producing a Software Bill of Materials (SBOM) for this repository. The SBOM will be created by looking at the packages installed (e.g. scanning files like requirements.txt or package.lock) and matching them to vulnerabilities by uploading it to EdgeBit. If issues are found in dependency changes, a comment will be made with more info. Otherwise, the bot is silent — but you can view cumulative results at any time.

EdgeBit is real-time SCA connected to your server fleet, so it understands which code is active or dormant in this app. Vulnerabilities in dormant code are deprioritized to save you time.

If this project builds a container with GitHub Actions, EdgeBit was not able to detect it.
Building an SBOM from the container is preferable since it creates a more complete vulnerability report. If this project builds a container, consider closing this PR and adding a workflow step to generate an SBOM. See https://edgebit.io/docs/0.x/install-build-actions/ for details.
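The two steps the bot describes, generating an SBOM from a manifest and matching its components against vulnerability data, shown as an added example that is not EdgeBit's code: the requirements.txt content, the advisory entries and their ids are constructed, and the version comparison is a simplified stand-in for real PEP 440 matching.

```python
"""Build a minimal CycloneDX-style SBOM from pinned requirements and match it
against a constructed advisory list (added example, not EdgeBit's code)."""
import json
import re

# Constructed sample requirements.txt content.
REQUIREMENTS = """\
requests==2.25.1
# a comment line is ignored
urllib3==1.26.4
flask>=2.0  # unpinned specifiers are skipped: no exact version to match
"""

# Constructed advisory feed; ids are placeholders, not real advisories.
ADVISORIES = [
    {"pkg": "urllib3", "fixed_in": "1.26.5", "id": "ADV-EXAMPLE-1"},
    {"pkg": "requests", "fixed_in": "2.20.0", "id": "ADV-EXAMPLE-2"},
]

PIN = re.compile(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9A-Za-z.\-]*)")


def parse_version(v):
    """Simplified numeric version tuple; real scanners use PEP 440 rules."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def build_sbom(text):
    """Return a CycloneDX-style document listing each pinned package as a component."""
    components = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        m = PIN.match(line)
        if not m:
            continue
        name, version = m.group(1).lower(), m.group(2)
        components.append({"type": "library", "name": name, "version": version,
                           "purl": f"pkg:pypi/{name}@{version}"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


def match_vulns(sbom, advisories):
    """Report (purl, advisory id) for components older than the fixed version."""
    findings = []
    for c in sbom["components"]:
        for a in advisories:
            if a["pkg"] == c["name"] and parse_version(c["version"]) < parse_version(a["fixed_in"]):
                findings.append((c["purl"], a["id"]))
    return findings


if __name__ == "__main__":
    sbom = build_sbom(REQUIREMENTS)
    print(json.dumps(sbom, indent=2))
    print(match_vulns(sbom, ADVISORIES))
```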

@crawford crawford merged commit 4f84f07 into main Nov 7, 2023
3 checks passed
@crawford crawford deleted the edgebit/sbom-qGhN29 branch November 7, 2023 20:16