Debug OSV-Scanner action #1730

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-osv.yml

@@ -31,4 +31,11 @@ jobs:
       - name: Run OSV Scanner
         uses: docker://ghcr.io/google/osv-scanner-action:v2.2.1
         with:
-          args: scan image --archive alpine_3.17.0.tar --format spdx-2-3 --all-packages
+          args: scan image --archive alpine_3.17.0.tar --format spdx-2-3 --all-packages > osv-scanner.spdx.json
+
+      - name: Upload SBOM as GitHub Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: osv-scanner-sbom-report
+          path: osv-scanner.spdx.json
+          retention-days: 20