From 0eecc2cf48fddaf3fc97f213b7f186cbfab7da3e Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Sun, 7 Sep 2025 15:17:50 +0200
Subject: [PATCH] generate-srcinfo: map ignored CVEs into the cdx sbom

See https://github.com/msys2/msys2-devtools/commit/ef673c980279926f6b98b905ef685b84fdbb3390
---
 .github/workflows/generate-srcinfo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/generate-srcinfo.yml b/.github/workflows/generate-srcinfo.yml
index 8203ae0a..99af3427 100644
--- a/.github/workflows/generate-srcinfo.yml
+++ b/.github/workflows/generate-srcinfo.yml
@@ -92,7 +92,7 @@ jobs:
         run: |
           msys2-sbom create srcinfo.json.gz sbom.cdx.json
           ./bin/grype sbom:sbom.cdx.json -o cyclonedx-json=sbom.vuln.cdx.json -o json=sbom.grype.json
-          msys2-sbom fixup sbom.vuln.cdx.json --grype-json sbom.grype.json
+          msys2-sbom fixup sbom.vuln.cdx.json --grype-json sbom.grype.json --srcinfo-cache srcinfo.json.gz
 
       - uses: actions/upload-artifact@v4
         with: