SBOM/VEX generation #16

	name: SBOM/VEX generation

	on:
	workflow_dispatch:


	jobs:
	sbom-vex-scan:
	name: SBOM/VEX Generation
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	project: [ "dvna", "vulnado" ]

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Generate VEXs (Human)
	uses: aquasecurity/trivy-action@0.28.0
	with:
	scan-type: fs
	format: table
	output: ${{ matrix.project }}.vex
	scan-ref: ./vuln_apps/${{ matrix.project }}
	env:
	TRIVY_DB_REPOSITORY: "ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"
	TRIVY_JAVA_DB_REPOSITORY: "ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db"

	- name: Upload results
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: vex-${{ matrix.project }}
	path: ${{ matrix.project }}.vex
	retention-days: 5

Provide feedback