From e4d70d2aedf5e0ff6edc9353175a2cb8c3a255e9 Mon Sep 17 00:00:00 2001
From: Claudia <156065008+claudia-at-gepardec@users.noreply.github.com>
Date: Fri, 5 Jul 2024 09:51:50 +0200
Subject: [PATCH] update sbom pipeline - upload SARIF report
---
 .github/workflows/sbom.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
index 2dd2a8cc..88e85de7 100644
--- a/.github/workflows/sbom.yaml
+++ b/.github/workflows/sbom.yaml
@@ -27,7 +27,12 @@ jobs:
 - name: Scan current project
 uses: anchore/scan-action@v3
+ id: scan
 with:
 path: "."
 fail-build: false
- output-format: table
+
+ - name: Upload anchore scan SARIF report
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.scan.outputs.sarif }}
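Review bot: The added `Upload anchore scan SARIF report` step needs the job token to carry `security-events: write`, and no `permissions:` block is visible in this hunk (the job header lies outside it), so the upload presumably depends on the repository's default token scope. Declaring it explicitly on the job, `permissions:` with `security-events: write` plus only the read scopes the other steps need, keeps the token least-privilege and documents the requirement. On pull requests from forks the token is read-only, so the step will likely fail there unless it is guarded with an `if:` condition. The new step is also referenced by a mutable major tag; pinning it to a full commit SHA, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v3`, stops a moved tag from changing what runs with that write scope, and the same applies to `anchore/scan-action@v3` in the context lines.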