generate-srcinfo: map ignored CVEs into the cdx sbom

See ef673c9802
2025-09-07 15:17:50 +02:00 · 2025-09-07 15:17:50 +02:00 · 0eecc2cf48
commit 0eecc2cf48
parent 57af559e25
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/generate-srcinfo.yml
+++ b/.github/workflows/generate-srcinfo.yml
@ -92,7 +92,7 @@ jobs:
        run: |
          msys2-sbom create srcinfo.json.gz sbom.cdx.json
          ./bin/grype sbom:sbom.cdx.json -o cyclonedx-json=sbom.vuln.cdx.json -o json=sbom.grype.json
-          msys2-sbom fixup sbom.vuln.cdx.json --grype-json sbom.grype.json
+          msys2-sbom fixup sbom.vuln.cdx.json --grype-json sbom.grype.json --srcinfo-cache srcinfo.json.gz

      - uses: actions/upload-artifact@v4
        with: