Generate a Software Bill of Materials (SBOM) and attach it to GitHub Releases.
Context
Supply-chain security best practice (OpenSSF). An SBOM in CycloneDX or SPDX format documents all dependencies embedded in the Docker image and release artifacts.
Acceptance Criteria
Reference: best.openssf.org, cyclonedx.org
Generate a Software Bill of Materials (SBOM) and attach it to GitHub Releases.
Context
Supply-chain security best practice (OpenSSF). An SBOM in CycloneDX or SPDX format documents all dependencies embedded in the Docker image and release artifacts.
Acceptance Criteria
Reference: best.openssf.org, cyclonedx.org