@ezebunandu

Adds a shared workflow that can be used to export the SPDX SBOM for a repo enrolled in the socket.dev GitHub app based on the most recent scan.

@ezebunandu ezebunandu requested a review from a team as a code owner December 9, 2025 22:56
@ezebunandu ezebunandu requested a review from a team December 10, 2025 17:21
@ezebunandu ezebunandu changed the title from "socket sbom export workflow" to "feat: shared workflow for sbom export from socket.dev API" Dec 10, 2025
@ezebunandu ezebunandu changed the title feat: shared workflow for sbom export from socket.dev API feat: shared workflow for sbom export from socket.dev API Dec 10, 2025
Member

@guicaulada guicaulada left a comment

I left a few comments, they are mostly nits, there's no blocker, they are only recommendations. 🙂

The only blocking thing is that this should be added to our release-please-config.json similar to this diff.

@ezebunandu ezebunandu self-assigned this Dec 11, 2025
Member

@guicaulada guicaulada left a comment

Awesome! I caught a few other things on a second look that you might want to change.

If you could, please try to call this action from a separate repository on a test workflow with the example of your README so we can have a test run.

@ezebunandu
Author

> Awesome! I caught a few other things on a second look that you might want to change.
>
> If you could, please try to call this action from a separate repository on a test workflow with the example of your README so we can have a test run.

I wouldn't be able to call from this repo until it's merged or is that possible?
