From 45c4b79b036b57ff6aae071bb000b309be31c9ba Mon Sep 17 00:00:00 2001
From: Lucie Daeye <lucie.daeye@digitalservice.bund.de>
Date: Thu, 14 Mar 2024 13:44:40 +0100
Subject: [PATCH] Add SBOM

---
 .github/workflows/pipeline.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index bdb4a37..1dfae9c 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -193,6 +193,10 @@ jobs:
           registry: ${{ env.CONTAINER_REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create SBOM
+        uses: digitalservicebund/create-sbom@83e9aae27f02a7c3cf6f4c9ab41a311e8ea4d272
+        with:
+          image_name: ${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }}
       - name: Sign the published Docker image
         env:
           COSIGN_EXPERIMENTAL: "true"