try again

devopsabcs-engineering · Feb 12, 2025 · 3e1a26e · 3e1a26e
1 parent 3ec473f
commit 3e1a26e
Showing 1 changed file with 18 additions and 18 deletions.
diff --git a/.github/workflows/devopsshield-sca-anchore-syft.yml b/.github/workflows/devopsshield-sca-anchore-syft.yml
@@ -2,9 +2,9 @@
 # DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
 # https://devopsshield.com
 ##############################################################
-# This is a DevOps Shield - Application Security - Code Security Template. 
+# This is a DevOps Shield - Application Security - Code Security Template.
 
-# This workflow template uses actions that are not certified by DevOps Shield. 
+# This workflow template uses actions that are not certified by DevOps Shield.
 # They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.
 
 # Use this workflow template for integrating code security into your pipelines and workflows.
@@ -16,14 +16,14 @@
 # DevSecOpsControls: SCA
 # Provider: Anchore
 # Categories: Code Scanning, Dockerfile, Dependency Management
-# Description: 
+# Description:
 # Produce Software Bills of Materials based on Anchore's open source Syft tool.
-# Syft is a powerful and easy-to-use open-source tool for generating Software Bill of Materials (SBOMs) for container images and filesystems. 
+# Syft is a powerful and easy-to-use open-source tool for generating Software Bill of Materials (SBOMs) for container images and filesystems.
 # It provides detailed visibility into the packages and dependencies in your software, helping you manage vulnerabilities, license compliance, and software supply chain security.
 # This workflow checks out code, builds an image, performs a container image
 # scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency submission API.
-# Read the official documentation to find out more. 
-# For more information: 
+# Read the official documentation to find out more.
+# For more information:
 # https://github.com/anchore/syft
 # ------------------------------------------------------------
 # Source repository: https://github.com/anchore/sbom-action
@@ -33,7 +33,7 @@ name: Anchore Syft SBOM Scan
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
 
 jobs:
   anchore-syft-Scan:
@@ -45,16 +45,16 @@ jobs:
       contents: write # required to upload to the Dependency submission API
       actions: read # to find workflow artifacts when attaching release assets
 
-    steps:      
-    - name: Checkout code
-      uses: actions/checkout@v4
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Build the Docker image
-      run: docker build . --file Dockerfile --tag localbuild/testimage:latest
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --tag localbuild/testimage:latest
 
-    - name: Scan the image and upload dependency results
-      uses: anchore/sbom-action@v0
-      with:
-        image: "localbuild/testimage:latest"
-        artifact-name: image.spdx.json
-        dependency-snapshot: true
+      - name: Scan the image and upload dependency results
+        uses: anchore/sbom-action@v0
+        with:
+          image: "localbuild/testimage:latest"
+          artifact-name: image.spdx.json
+          dependency-snapshot: true