From d4091182f43cd52332a988b1bec5b4830986b90f Mon Sep 17 00:00:00 2001
From: dtrai2 <d.trai282@gmail.com>
Date: Tue, 17 Dec 2024 09:56:07 +0100
Subject: [PATCH] publish sbom

---
 .github/workflows/ci.yml | 4 ++++
 CHANGELOG.md             | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 856c0e18f..a4a50f097 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,3 +185,7 @@ jobs:
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${{ steps.build-and-push.outputs.digest }}
+
+      - uses: anchore/sbom-action/publish-sbom@v0
+        with:
+          sbom-artifact-match: ".*\\.spdx$"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72ea1f9b2..903a26ea8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,7 +31,8 @@ the list is now fixed inside the packaged logprep
 * remove `tldextract` dependency
 * remove `urlextract` dependency
 * fix wrong documentation for `timestamp_differ`
-* add container signatures to image build inside ci pipeline
+* add container signatures to images build in ci pipeline
+* add sbom to images build in ci pipeline
 
 ### Bugfix