So right now the action just generates an SBOM, checks for vulnerabilities and then finishes. I'm trying to think of some additional features that could be included with this action, like a flag on whether you want the vulnerability report from bomber added to the repository, or a flag to pass/fail the action if the bomber report has any vulnerabilities (or a threshold of so many severity issues, etc.).
@djschleen If there are any that sound especially good, I'd love to make a separate issue out of that and start working on new PRs to introduce features!
So right now the action just generates an SBOM, checks for vulnerabilities and then finishes. I'm trying to think of some additional features that could be included with this action, like a flag on whether you want the vulnerability report from bomber added to the repository, or a flag to pass/fail the action if the bomber report has any vulnerabilities (or a threshold of so many severity issues, etc.).
@djschleen If there are any that sound especially good, I'd love to make a separate issue out of that and start working on new PRs to introduce features!