
chore: add sbom config#1

Open
MateuszMatyska wants to merge 6 commits into
mainfrom
chore/sbom-config

Conversation

@MateuszMatyska

Collaborator

Pull Request

Description

ISO 27001 requirement

Setup of SBOM.

A Software Bill of Materials (SBOM) is essentially a detailed inventory of all the components and dependencies that make up a software application. It's like a comprehensive list of ingredients for software, specifying everything from open-source libraries and frameworks to third-party modules and their respective versions. SBOMs are crucial for enhancing software security and supply chain risk management by providing transparency and enabling organizations to identify and address potential vulnerabilities.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Code refactoring
  • Performance improvement
  • Test addition/update

Related Issues

Changes Made

Testing

Test Results

```bash
# Paste test output here
make test
# ...
```

Checklist

  • My code follows the project's code style guidelines
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have updated the documentation accordingly
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Pre-commit checks pass (make pre-commit)
  • I have updated CHANGELOG.md (if applicable)

Screenshots (if applicable)

Additional Notes

Copilot AI left a comment

Contributor


Pull request overview

Adds SBOM and security/license scanning to the existing GitHub Actions CI workflow to support ISO 27001 compliance requirements.

Changes:

  • Introduces a new sbom_scan job that generates a CycloneDX SBOM via Syft and scans it with Grype.
  • Adds ORT execution and uploads SBOM / vulnerability / ORT outputs as workflow artifacts.


Comment threads (6, outdated): .github/workflows/pre-commit.yml
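For readers who want to see what a job of the shape the review overview describes looks like, here is an added, illustrative GitHub Actions workflow. It is not the PR's own security-scaner.yml or pre-commit.yml and does not reproduce its ORT step; the action names, their major-version tags, the file names, the artifact name and the Grype severity threshold are all assumptions chosen for the example.

```yaml
# Added example workflow (not the PR's actual file). Action versions,
# file names and the severity cutoff are assumptions; in production pin
# each action to a full commit SHA rather than a floating major tag.
name: sbom-scan

on:
  pull_request:
  push:
    branches: [main]

# Least privilege: generating and scanning an SBOM only needs read access.
permissions:
  contents: read

jobs:
  sbom_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Generate a CycloneDX SBOM of the checked-out source tree with Syft.
      - name: Generate SBOM (Syft)
        uses: anchore/sbom-action@v0
        with:
          path: .
          format: cyclonedx-json
          output-file: sbom.cdx.json
          upload-artifact: false   # uploaded together with the scan output below

      # Scan the SBOM itself (not the tree a second time) with Grype, so the
      # findings correspond exactly to the components the SBOM declares.
      # Fail the build at High or above; keep the report as SARIF.
      - name: Scan SBOM (Grype)
        id: grype
        uses: anchore/scan-action@v6
        with:
          sbom: sbom.cdx.json
          fail-build: true
          severity-cutoff: high
          output-format: sarif

      # Upload the SBOM and the findings even when the scan step fails, so a
      # failing run still leaves an auditable record (the point of the SBOM).
      - name: Upload SBOM and scan results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sbom-and-vulnerabilities
          path: |
            sbom.cdx.json
            ${{ steps.grype.outputs.sarif }}
```

Two design choices worth keeping: `if: always()` on the upload step, because a scan that fails the build is exactly the run whose SBOM and report you need to retain, and `permissions: contents: read` at the top, because the default token grants far more than an inventory job needs. Whether the scan should block merges at High or only at Critical, and whether to pass Grype an only-fixed filter, is a policy decision for the repository rather than something this example settles.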

Copilot AI left a comment

Contributor


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.



Comment threads (3, outdated): .github/workflows/security-scaner.yml

Copilot AI left a comment

Contributor


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.



Copilot AI left a comment

Contributor


Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.



Comment thread (outdated): docs/security.md

Copilot AI left a comment

Contributor


Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.



Comment thread: docs/security.md


2 participants