Use json

.github/workflows/sbom.yml

@@ -21,12 +21,12 @@ jobs:
       - name: 'Generate SBOM for Ruby dependencies'
         uses: docker://ghcr.io/cyclonedx/cdxgen:v10.0.4
         with:
-          args: --spec-version 1.4 -o sbom-ruby.xml -t ruby .
+          args: --spec-version 1.4 -o sbom-ruby.json -t ruby .
 
       - name: 'Generate SBOM for Node.js dependencies'
         uses: docker://ghcr.io/cyclonedx/cdxgen:v10.0.4
         with:
-          args: --spec-version 1.4 -o sbom-npm.xml -t npm .
+          args: --spec-version 1.4 -o sbom-npm.json -t npm .
 
       - name: 'Generate SBOM for Node.js dependencies'
         uses: docker://ghcr.io/cyclonedx/cdxgen:v10.0.4
@@ -40,7 +40,7 @@ jobs:
       - name: 'Merge frontend and backend SBOMs'
         uses: docker://cyclonedx/cyclonedx-cli:0.25.0
         with:
-          args: merge --input-files sbom-ruby.xml sbom-npm.xml --output-file sbom.xml
+          args: merge --input-files sbom-ruby.json sbom-npm.json --output-file bom.json
 
       - name: 'Push merged SBOM to dependency track'
         env:
@@ -52,4 +52,4 @@ jobs:
           --form "autoCreate=true" \
           --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
           --form "projectVersion=latest" \
-          --form "bom=@sbom.xml"
+          --form "bom=@bom.json"