Build, sign, and compute the SBOM of a container image

2022 - ongoing source code

A reusable Github Action workflow that: builds a container image, scans it with Trivy, pushes it to ECR, signs it with cosign, and computes its SBOM with Syft.