Add an example of storing the report in the right place.
Background
The Software-Bill-of-Material is a part of the complete Secure Software Supply Chain together with things like a provenance file.
In order to fetch the SBOM of any used package, there is a convention were to put the files. An OCI can be used for example. (See this blog.)
It would be nice to include an example in this repository how to use this end-to-end in a build-pipeline.
Add an example of storing the report in the right place.
Background
The Software-Bill-of-Material is a part of the complete Secure Software Supply Chain together with things like a provenance file.
In order to fetch the SBOM of any used package, there is a convention were to put the files. An OCI can be used for example. (See this blog.)
It would be nice to include an example in this repository how to use this end-to-end in a build-pipeline.