SBOM & Security Scan #2

Workflow file for this run

# SBOM & Security Scan - Calls Org-Level Reusable Workflow
# This is a lightweight caller workflow that invokes the organization's
# shared SBOM generation and security scanning workflow.
#
# Features:
# - CycloneDX SBOM generation
# - Trivy vulnerability scanning
# - License compliance checking
# - SARIF upload to GitHub Security tab
name: SBOM & Security Scan
on:
  pull_request:
    paths:
      - "pyproject.toml"
      - "uv.lock"
      - ".github/workflows/sbom.yml"
  push:
    branches:
      - main
      - master
      - develop
    paths:
      - "pyproject.toml"
      - "uv.lock"
  schedule:
    # Weekly scan every Monday at 8:00 AM UTC
    - cron: "0 8 * * 1"
  workflow_dispatch:
permissions:
  contents: read
  security-events: write
jobs:
  sbom:

Check failure on line 36 in .github/workflows/sbom.yml

GitHub Actions / SBOM & Security Scan

Invalid workflow file

The workflow is not valid. .github/workflows/sbom.yml (Line: 36, Col: 3): Error calling workflow 'ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@main'. The workflow is requesting 'actions: read, artifact-metadata: read, attestations: read, checks: read, deployments: read, discussions: read, issues: read, models: read, packages: read, pages: read, pull-requests: read, repository-projects: read, statuses: read, id-token: read', but is only allowed 'actions: none, artifact-metadata: none, attestations: none, chec[...]
    name: SBOM & Security
    uses: ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@main
    with:
      python-version: '3.12'
      fail-on-vulnerabilities: true
      severity-threshold: 'CRITICAL,HIGH'
      artifact-retention-days: 90
      fail-on-forbidden-licenses: false
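The annotation above is GitHub Actions' default-deny rule in action: once a caller declares a `permissions` block, every unlisted scope is `none`, and a reusable workflow can never use more than the calling job grants. The following static check, added here as an example and not part of this repository or the org-level workflow, reproduces that comparison; the caller block is copied from the sbom.yml above, while the callee block is constructed from scopes visible in the truncated error message.

```python
"""Static check for the failure in the annotation above: a reusable workflow
can only use GITHUB_TOKEN scopes that the calling job grants, and once a
permissions block is declared every unlisted scope is 'none'."""
import re

LEVEL = {"none": 0, "read": 1, "write": 2}

def parse_permissions(yaml_text: str) -> dict:
    """Return the mapping under a 'permissions:' key from a workflow snippet.
    Shorthand 'permissions: read-all' / 'write-all' becomes a '*' wildcard.
    Deliberately line-based so the example needs no PyYAML."""
    lines = yaml_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)permissions:\s*(\S*)\s*$", line)
        if not m:
            continue
        indent, shorthand = len(m.group(1)), m.group(2)
        if shorthand in ("read-all", "write-all"):
            return {"*": shorthand.split("-")[0]}
        perms = {}
        for nxt in lines[i + 1:]:
            if not nxt.strip():
                continue
            if len(nxt) - len(nxt.lstrip()) <= indent:
                break  # left the permissions block
            key, _, val = nxt.strip().partition(":")
            perms[key.strip()] = val.strip().strip("'\"")
        return perms
    return {}

def missing_scopes(granted: dict, requested: dict) -> dict:
    """{scope: (granted, requested)} for each scope the caller under-grants."""
    shortfall = {}
    for scope, want in requested.items():
        have = granted.get("*") or granted.get(scope, "none")
        if LEVEL[have] < LEVEL[want]:
            shortfall[scope] = (have, want)
    return shortfall

# Caller's top-level block, copied from the sbom.yml above.
CALLER = "permissions:\n  contents: read\n  security-events: write\n"
# Constructed callee block: three scopes visible in the (truncated) annotation
# plus one the caller already grants, to show a satisfied request.
CALLEE = ("permissions:\n  actions: read\n  checks: read\n"
          "  pull-requests: read\n  security-events: write\n")

def check_page_case() -> dict:
    """A job-level 'permissions' block on the caller replaces the workflow-level
    one, so the fix is to list every callee scope on the calling job itself."""
    return missing_scopes(parse_permissions(CALLER), parse_permissions(CALLEE))

if __name__ == "__main__":
    for scope, (have, want) in check_page_case().items():
        print(f"{scope}: caller grants {have}, callee requests {want}")
```

Run against the real callee, point `CALLEE` at the `permissions` block of python-sbom.yml; each reported scope is one the `sbom` job must grant explicitly, at the lowest level the callee actually needs.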