From 0b03c46f5294eb7080170117791fd2bd1f3c7fdd Mon Sep 17 00:00:00 2001
From: "ensignia-security-development[bot]" <154982038+ensignia-security-development[bot]@users.noreply.github.com>
Date: Fri, 23 Feb 2024 20:22:06 +0000
Subject: [PATCH] Added ensignia.yaml
---
.github/workflows/ensignia.yaml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/ensignia.yaml
diff --git a/.github/workflows/ensignia.yaml b/.github/workflows/ensignia.yaml
new file mode 100644
index 0000000..1bec643
--- /dev/null
+++ b/.github/workflows/ensignia.yaml
@@ -0,0 +1,31 @@
+name: Ensignia
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ ENSIGNIA_API_HOST: https://staging-control-plane.ensignia.dev
+
+jobs:
+ sbom:
+ name: Ensignia Security Scan
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: ensigniasec/ensignia-action@v0.0.2
+
+ - name: Generate SBOM
+ run: syft -q packages dir:./ -o spdx-json > build.spdx-sbom.json
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: build.spdx-sbom.json
+ path: build.spdx-sbom.json
+
+ - name: Upload SBOM
+ run: sigctl submit ./build.spdx-sbom.json
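Review bot: The `sbom` job grants `id-token: write` and then runs `ensigniasec/ensignia-action@v0.0.2`, a third-party action referenced by a mutable tag, so whatever that tag resolves to at run time executes in a job that can request the workflow's OIDC token. Pin it to a full commit SHA with the version kept as a comment, e.g. `- uses: ensigniasec/ensignia-action@<FULL_COMMIT_SHA>  # v0.0.2`, and consider the same for `actions/checkout@v3` and `actions/upload-artifact@v4`. `ENSIGNIA_API_HOST` points at a staging control plane; confirm that is the intended destination for SBOMs built from `main`. The workflow also triggers on `pull_request`, and for pull requests from forks GitHub normally withholds `id-token: write`, so the `sigctl submit` step will presumably fail there unless the upload is gated to same-repository events.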