From 7a9d8588d80aeb9c082f82cd90aeb1af98f6b5e2 Mon Sep 17 00:00:00 2001
From: Srinandan Sridhar <13950006+srinandan@users.noreply.github.com>
Date: Tue, 20 Aug 2024 13:35:47 -0700
Subject: [PATCH] chore: adds sbom to docker images #523 (#524)
---
 .github/workflows/docker-publish.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 27eb019e6..3250427f3 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -42,6 +42,7 @@ jobs:
 contents: read
 packages: write
 id-token: write
+ attestations: write
 steps:
 - name: Checkout repository
@@ -89,10 +90,12 @@ jobs:
 # https://github.com/docker/build-push-action
 - name: Build and push Docker image
 id: build-and-push
- uses: docker/build-push-action@v4.0.0
+ uses: docker/build-push-action@v6
 with:
 context: .
 file: Dockerfile
+ sbom: true
+ provenance: mode=max
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
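Review bot: The `attestations: write` scope added in the permissions hunk (`@@ -42,6 +42,7 @@`) does not appear to be used by anything in this patch. The `sbom` and `provenance` inputs of docker/build-push-action have BuildKit attach the attestations to the image in the registry, which relies on registry push rights rather than on GitHub's attestations API. That scope is consumed by steps such as `actions/attest-build-provenance` or `actions/attest-sbom`; the rest of the workflow is outside this hunk, so if no such step exists, drop the line to keep the job token least-privileged. If one does exist, a comment above the line such as `# required by <step name> to store the attestation` would record why the scope is granted.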
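Review bot: In the build step hunk (`@@ -89,10 +90,12 @@`), `uses: docker/build-push-action@v6` replaces an exact release tag with a floating major tag, so the code that builds, pushes and attests the image can change without any commit to this repository. Because the job grants `packages: write` and `id-token: write`, pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6.x.y`. Separately, `provenance: mode=max` includes build-argument values and the build definition in the attestation that is published with the image. The `with:` block may continue past the end of this hunk, so confirm that nothing sensitive is passed through `build-args`, or use `mode=min` if that cannot be guaranteed.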