From a8d2bb309c672bf7408e72cd9867884b06f1c968 Mon Sep 17 00:00:00 2001
From: Claudia <156065008+claudia-at-gepardec@users.noreply.github.com>
Date: Fri, 28 Jun 2024 13:00:43 +0200
Subject: [PATCH] add sbom pipeline
---
.github/workflows/sbom.yaml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 .github/workflows/sbom.yaml
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 00000000..86b43ca0
--- /dev/null
+++ b/.github/workflows/sbom.yaml
@@ -0,0 +1,32 @@
+name: SBOM
+
+on:
+ push:
+ branches:
+ - sbom
+ workflow_dispatch:
+
+jobs:
+ build-test-push:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ name: checkout
+
+ - name: Cache node modules
+ uses: actions/cache@v1
+ env:
+ cache-name: cache-node-modules
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-build-${{ env.cache-name }}-
+ ${{ runner.os }}-build-
+ ${{ runner.os }}-
+
+ - name: Scan current project
+ uses: anchore/scan-action@v3
+ with:
+ path: "."
+ fail-build: false
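Review bot: The `Scan current project` step sets `fail-build: false` and nothing reads the action's outputs, so findings appear only in the job log and can never gate a build or reach code scanning; if this is meant as a control rather than a trial run, consider `fail-build: true` together with `severity-cutoff: high`. The workflow is named SBOM, but `anchore/scan-action` is a vulnerability scanner and no step here generates or uploads an SBOM document; as far as I know that is the job of `anchore/sbom-action`. All three actions are referenced by mutable tags (`@v3`, `@v1`), so pinning each to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would limit what a retagged action could do with the job token. The `Cache node modules` step restores `~/.npm`, but no install step follows in this file, so the cache appears to be unused.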