artifact-sbom-publisher

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Syft installation script from Anchore's public GitHub repository to enable SBOM generation capabilities.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded Syft installation script through a shell pipeline to install the tool into the build environment.
  • [COMMAND_EXECUTION]: Utilizes standard GitHub Actions and CLI tools (Syft, Trivy, NPM) to build software, generate security metadata, and perform vulnerability scans.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:35 PM
Security Audit — agent-trust-hub — artifact-sbom-publisher