From 988f901ff1284f32f4d64cd12de2a77e31584c20 Mon Sep 17 00:00:00 2001
From: bennsimon <bennsimonotieno@gmail.com>
Date: Thu, 5 Feb 2026 16:21:24 +0100
Subject: [PATCH] check sbom

---
 .github/workflows/scancode.yaml | 35 +++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/scancode.yaml

diff --git a/.github/workflows/scancode.yaml b/.github/workflows/scancode.yaml
new file mode 100644
index 0000000..2b10719
--- /dev/null
+++ b/.github/workflows/scancode.yaml
@@ -0,0 +1,35 @@
+# This workflow will build and test a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: comp check
+
+on:
+  push:
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Use HTTPS instead of SSH for Git cloning
+        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
+      - name: Checkout project
+        uses: actions/checkout@v5
+      - name: check size
+        run: |
+          sudo rm -rf \
+          /usr/share/dotnet /usr/local/lib/android /opt/ghc \
+          /usr/local/share/powershell /usr/share/swift /usr/local/.ghcup \
+          /usr/lib/jvm || true
+          
+          sudo du /usr -h --max-depth 2 | sort -h
+          
+          sudo du /opt -h --max-depth 2 | sort -h
+          
+          docker image ls
+          
+          df -h
+      - name: Run GitHub Action for ORT
+        uses: oss-review-toolkit/ort-ci-github-action@main
+        with:
+          run: 'cache-dependencies,analyzer,scanner,evaluator,advisor,reporter,upload-results'