generate-srcinfo: include fixed versions in the SBOM

See c7d0333481
2025-09-06 17:36:58 +02:00 · 2025-09-06 17:36:58 +02:00 · 72b7663813
commit 72b7663813
parent a1e37ed1e2
1 changed files with 2 additions and 1 deletions
--- a/.github/workflows/generate-srcinfo.yml
+++ b/.github/workflows/generate-srcinfo.yml
@ -92,7 +92,8 @@ jobs:
        run: |
          msys2-sbom create srcinfo.json.gz sbom.cdx.json
          ./bin/grype sbom:sbom.cdx.json -o cyclonedx-json --file sbom.vuln.cdx.json
-          msys2-sbom merge sbom.cdx.json sbom.vuln.cdx.json
+          ./bin/grype sbom:sbom.cdx.json -o json --file sbom.grype.json
+          msys2-sbom merge sbom.cdx.json sbom.vuln.cdx.json --grype-json sbom.grype.json

      - uses: actions/upload-artifact@v4
        with: