Generate SBOM
Simply add nais/docker-build-push to your workflow.
- uses: nais/docker-build-push@v0
  id: docker-push
  with:
    team: myteam # required
    salsa: true # optional, defaults to true
    project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} # required, but is defined as an organization variable
    identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} # required, but is defined as an organization secret
    # ... other options removed for readability
Note
Opt out of salsa
If you want to opt out of salsa, set the salsa input to false.
Attest sign
The nais/docker-build-push action pushes to Google Container Registry (GAR) by default.
If you want to push to another registry, you can use the nais/attest-sign action to generate an SBOM and sign the attestation.