DEBUG cdxgen

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

.github/workflows/sca-integration-cdxgen.yml

@@ -27,7 +27,7 @@ jobs:
         run: npm install @cyclonedx/cdxgen
 
       - name: Generate SBOM with CycloneDX cdxgen
-        run: npx cdxgen ${{ env.IMAGE_REFERENCE }} --type docker -output cdxgen-sbom.cdx.json --json-pretty
+        run: npx cdxgen ${{ env.IMAGE_REFERENCE }} -t universal -output cdxgen-sbom.cdx.json --spec-version 1.6 --json-pretty
 
       - name: Upload SBOM as GitHub Artifact
         uses: actions/upload-artifact@v4
@@ -36,13 +36,13 @@ jobs:
           path: "cdxgen-sbom.cdx.json"
           retention-days: 20
 
-#      - name: Import SBOM into ScanCode.io
-#        uses: aboutcode-org/scancode-action@main
-#        with:
-#          pipelines: "load_sbom"
-#          inputs-path: "cdxgen-sbom.cdx.json"
-#
-#      - name: Verify SBOM Analysis Results in ScanCode.io
-#        shell: bash
-#        run: |
-#          scanpipe shell --command "from scanpipe.models import DiscoveredPackage, DiscoveredDependency; package_manager = DiscoveredPackage.objects; assert package_manager.count() > 3200; assert package_manager.vulnerable().count() > 40; assert DiscoveredDependency.objects.count() > 220"
+      - name: Import SBOM into ScanCode.io
+        uses: aboutcode-org/scancode-action@main
+        with:
+          pipelines: "load_sbom"
+          inputs-path: "cdxgen-sbom.cdx.json"
+
+      - name: Verify SBOM Analysis Results in ScanCode.io
+        shell: bash
+        run: |
+          scanpipe shell --command "from scanpipe.models import DiscoveredPackage; package_manager = DiscoveredPackage.objects; print(package_manager.count());"