From 3a464eeaa9c303b189ab8ce1b0b1b4a5a6bf6562 Mon Sep 17 00:00:00 2001
From: Thomas Burkhalter <new.mysteryman@gmail.com>
Date: Thu, 8 Feb 2024 20:59:18 +0100
Subject: [PATCH] Fix SBOM

---
 .github/workflows/reusable-sbom.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/reusable-sbom.yaml b/.github/workflows/reusable-sbom.yaml
index 4ad44018..dff784b8 100644
--- a/.github/workflows/reusable-sbom.yaml
+++ b/.github/workflows/reusable-sbom.yaml
@@ -52,8 +52,8 @@ jobs:
       - name: 'Generate SBOM for ruby and npm dependencies'
         run: |
           npm install -g @cyclonedx/cdxgen
-          cdxgen -o ./sbom-ruby.xml -t ruby --spec-version 1.4 .
-          cdxgen -o ./sbom-npm.xml -t npm --spec-version 1.4 .
+          cdxgen -o ./sbom-ruby.json -t ruby --spec-version 1.4 .
+          cdxgen -o ./sbom-npm.json -t npm --spec-version 1.4 .
 
       - name: 'Merge frontend and backend SBOMs'
         run: |
@@ -62,7 +62,7 @@ jobs:
                  -v $(pwd):/data \
                  cyclonedx/cyclonedx-cli \
                  merge \
-                 --input-files data/sbom-ruby.xml data/sbom-npm.xml \
+                 --input-files data/sbom-ruby.json data/sbom-npm.json \
                  --output-file data/sbom.xml
       
       - name: 'Push merged SBOM to dependency track'
@@ -83,6 +83,6 @@ jobs:
         with:
           name: ${{ inputs.artifact-prefix }}sboms
           path: |
-            ./sbom-npm.xml
-            ./sbom-ruby.xml
+            ./sbom-npm.json
+            ./sbom-ruby.json
             ./sbom.xml