Merge pull request #15 from Kong/chore/bump-sbom-action

saisatishkarra · web-flow · commit 18aab64870ea · 2023-04-18T17:25:42.000-04:00
chore(sbom-action): bump sbom action to 0.13.4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,27 @@
+name: Test Shared Actions
+
+on:
+  pull_request:
+    branches:
+    - main
+  push:
+    branches:
+    - main
+
+jobs:
+  test-scan-docker-image:
+    name: Test Scan Docker Image
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Login to DockerHub
+      if: success()
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.GHA_DOCKERHUB_PULL_USER }}
+        password: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUBLIC_TOKEN }}
+
+    - uses: ./security-actions/scan-docker-image
+      with:
+        image: kong/kong-gateway-dev:latest # no particular reason for the choice of image or tag, just an image for tests
diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml
@@ -71,7 +71,7 @@ runs:
 
     # Must upload artifact for output file parameter to have effect
     - name: Generate SPDX SBOM Using Syft
-      uses: anchore/sbom-action@v0.13.3
+      uses: anchore/sbom-action@v0.13.4
       id: sbom_spdx
       with:
         image: ${{ steps.meta.outputs.scan_image }}
@@ -87,7 +87,7 @@ runs:
         dependency-snapshot: false
 
     - name: Generate CycloneDX SBOM Using Syft
-      uses: anchore/sbom-action@v0.13.3
+      uses: anchore/sbom-action@v0.13.4
       id: sbom_cyclonedx
       with:
         image: ${{ steps.meta.outputs.scan_image }}
