### Example GitHub Actions Workflow for SBOM Upload (YAML) Source: https://github.com/servicenow/vulnerability-response/blob/main/README.md This YAML snippet defines a GitHub Actions workflow. It is triggered on 'push' events affecting specific files or manually via 'workflow_dispatch'. It defines various inputs for configuring the SBOM upload process. The 'sbom-upload' job runs on 'ubuntu-latest' and uses the ServiceNow/vulnerability-response action to perform the upload, mapping the defined inputs and secrets to the action's parameters. ```yaml on: push: paths: - "package.json" - "pnpm-lock.yaml" workflow_dispatch: inputs: gh-account-owner: description: "The account that owns the target SBOM repository." required: true provider: description: "The provider type for the action." required: true type: choice default: "repository" options: - repository - dependencyGraph repository: description: "The repository that holds the target SBOM documents." required: true path: description: "The path to the target SBOM document." required: true lifecycle-stage: description: "Denotes which environment for which this SBOM was generated (i.e., production, pre_production)." required: false fetch-package-info: description: "Fetch Package Info" required: false default: "true" fetch-vulnerability-info: description: "Fetch Vulnerability Info" required: false default: "true" max-status-poll-attempts: description: "The maximum number of status poll attempts." required: false default: "5" status-attempt-interval: description: "The time in ms between status poll attempts." required: false default: "10000" jobs: sbom-upload: runs-on: ubuntu-latest name: SBOM Workspace Upload steps: - name: Upload id: upload uses: ServiceNow/vulnerability-response@v2.0.1 with: snSbomUser: ${{ secrets.SN_SBOM_USERNAME }} snSbomPassword: ${{ secrets.SN_SBOM_PASSWORD }} snInstanceUrl: ${{ secrets.SN_INSTANCE_URL }} ghToken: ${{ secrets.GH_TOKEN }} ghAccountOwner: ${{ inputs.gh-account-owner }} provider: ${{ inputs.provider }} repository: ${{ inputs.repository }} path: ${{ inputs.path }} businessApplicationId: ${{ inputs.business-application-id }} businessApplicationName: ${{ inputs.business-application-name }} buildId: ${{ inputs.build-id }} productModelId: ${{ inputs.product-model-id }} requestedBy: ${{ inputs.requested-by }} lifecycleStage: ${{ inputs.lifecycle-stage }} fetchVulnerabilityInfo: ${{ inputs.fetch-vulnerability-info }} fetchPackageInfo: ${{ inputs.fetch-package-info }} sbomSource: ${{ inputs.source-sbom }} maxStatusPollAttempts: ${{ inputs.max-status-poll-attempts }} statusAttemptInterval: ${{ inputs.status-attempt-interval }} ``` -------------------------------- ### Using ServiceNow Vulnerability Response GitHub Action (YAML) Source: https://github.com/servicenow/vulnerability-response/blob/main/README.md This YAML snippet defines a GitHub Actions workflow that triggers on push events. It sets up a job named 'sbom-upload' running on 'ubuntu-latest' that uses the 'ServiceNow/vulnerability-response@2.0.1' action. The action is configured with various inputs, including secrets for ServiceNow credentials and GitHub token, along with repository details and the path to the SBOM file. ```YAML on: [push] jobs: sbom-upload: runs-on: ubuntu-latest name: SBOM Workspace Upload steps: - name: Upload id: upload uses: ServiceNow/vulnerability-response@2.0.1 with: snSbomUser: ${{ secrets.SN_SBOM_USERNAME }} snSbomPassword: ${{ secrets.SN_SBOM_PASSWORD }} snInstanceUrl: ${{ secrets.SN_INSTANCE_URL }} ghToken: ${{ secrets.GH_TOKEN }} ghAccountOwner: repository: provider: "repository" path: "sboms/sample_sbom.txt" ``` -------------------------------- ### Successful SBOM Upload Result (JavaScript) Source: https://github.com/servicenow/vulnerability-response/blob/main/README.md This snippet shows the JSON structure returned upon a successful upload of an SBOM document using the ServiceNow SBOM Upload GitHub Action. It indicates the status, a success message, and the ID of the created BOM record. ```js { result: { status: 'success', message: 'Queued for processing.', bomRecordId: 'abc123xyzabc123xyzabc123xyzabc123' } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.