Exceeds
Jessica Lai

PROFILE

Developed and delivered an automated SBOM generation and signing workflow for the greenbone/workflows repository, focusing on enhancing container security and compliance. The solution leveraged GitHub Actions and YAML to orchestrate SBOM creation using Trivy for specified container images, supporting configurable output formats. By integrating artifact signing and automated registry uploads, the workflow improved provenance and tamper-evidence of released artifacts. Inputs for image details, registry credentials, and signing parameters were incorporated to streamline secure releases and ensure reproducibility. This work reduced manual intervention, strengthened traceability of software components, and contributed to a more robust CI/CD pipeline for secure software delivery.

Overall Statistics

Feature vs Bugs

100% Features

Repository Contributions

1 Total

Bugs: 0
Commits: 1
Features: 1
Lines of code: 140
Activity Months: 1

Work History

August 2025

1 Commit • 1 Feature

Aug 1, 2025

In August 2025, delivered an automated SBOM generation and signing workflow for greenbone/workflows, enabling consistent transparency of software components and secure artifact signing. Implemented a GitHub Actions workflow that generates an SBOM with Trivy for a target container image, outputs in configurable formats, and signs/pushes the artifact to a registry. The feature reduces manual steps, strengthens compliance and security traceability, and supports faster secure releases. The work integrates with registry credentials and signing parameters to improve the security posture.

Quality Metrics

Correctness: 90.0%
Maintainability: 80.0%
Architecture: 90.0%
Performance: 80.0%
AI Usage: 20.0%

Skills & Technologies

Programming Languages

YAML

Technical Skills

Artifact Signing, CI/CD, Container Security, GitHub Actions, Image Scanning, SBOM Generation

Repositories Contributed To

1 repo

greenbone/workflows

Aug 2025 to Aug 2025
1 Month active

Languages Used

YAML

Technical Skills

Artifact Signing, CI/CD, Container Security, GitHub Actions, Image Scanning, SBOM Generation