From f9fc9e0c2434e2ba210df8082576074c14262137 Mon Sep 17 00:00:00 2001
From: Emilien Mantel
Date: Fri, 13 Mar 2026 12:04:51 +0100
Subject: [PATCH] :construction_worker: Enable SBOM and provenance for Docker images
---
 .github/workflows/_docker.yml | 3 ++-
 .github/workflows/release.yml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/_docker.yml b/.github/workflows/_docker.yml
index 284e5c1..d76e0f0 100644
--- a/.github/workflows/_docker.yml
+++ b/.github/workflows/_docker.yml
@@ -43,7 +43,8 @@ jobs:
 with:
 context: .
 push: true
- provenance: false
+ provenance: mode=max,version=v1
+ sbom: true
 platforms: linux/amd64,linux/arm64
 tags: ${{ inputs.tags }}
 build-args: VERSION=${{ inputs.version }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4da3b74..e8ca4f1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,7 @@ jobs:
 permissions:
 contents: read
 packages: write
+ id-token: write
 uses: ./.github/workflows/_docker.yml
 with:
 tags: |
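Review bot: With `provenance: mode=max`, the attestation pushed alongside the image records the build definition and the values of build arguments, so whatever goes into the `build-args:` input a few lines below becomes readable by anyone who can pull the image. `VERSION=${{ inputs.version }}` is harmless today, but nothing warns a later editor against adding a token there. I would add a comment above the new line, e.g. `# mode=max publishes build-arg values in the attestation; pass secrets via the secrets input, never build-args`. `version=v1` presumably needs a recent BuildKit, and the builder setup step and this step's `uses:` line are outside the hunk, so confirm the builder in use supports it.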
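Review bot: The added `id-token: write` in `release.yml` makes an OIDC token for this repository available to the called `_docker.yml` (up to whatever permissions that workflow declares itself, which is not visible here), yet nothing in this patch consumes one. The `provenance` and `sbom` inputs produce BuildKit attestations that are attached to the image unsigned and need no OIDC identity. If a keyless signing or attestation step exists outside these hunks, a comment such as `# id-token: write is required by <signing step> for keyless signing` would record why the permission is there; otherwise I would drop the line to keep the job at least privilege. Because the attestations are unsigned, a consumer can only trust them as far as they trust the registry, so a signing step is still what verification would need.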