artifact-sbom-publisher
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Syft installation script from Anchore's public GitHub repository to enable SBOM generation capabilities.
- [REMOTE_CODE_EXECUTION]: Executes the downloaded Syft installation script through a shell pipeline to install the tool into the build environment.
- [COMMAND_EXECUTION]: Utilizes standard GitHub Actions and CLI tools (Syft, Trivy, NPM) to build software, generate security metadata, and perform vulnerability scans.
Audit Metadata