So right now the action just generates an SBOM, checks for vulnerabilities and then finishes. I'm trying to think of some additional features that could be included with this action, like a flag on whether you want the vulnerability report from bomber added to the repository, or a flag to pass/fail the action if the bomber report has any vulnerabilities (or a threshold of so many severity issues, etc.). @djschleen If there are any that sound especially good, I'd love to make a separate issue out of that and start working on new PRs to introduce features!