Debug GitHub workflow for OWASP dep-scan

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-depscan.yml

@@ -1,5 +1,19 @@
 name: Generate SBOM with OWASP dep-scan and load into ScanCode.io
 
+# This workflow:
+#  1. Generates a CycloneDX SBOM for a container image using OWASP dep-scan.
+#  2. Uploads the SBOM as a GitHub artifact for future inspection.
+#  3. Loads the SBOM into ScanCode.io for further analysis.
+#  4. Runs assertions to verify that the SBOM was properly processed in ScanCode.io.
+#
+# It runs on demand, and once a week (scheduled).
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Run once a week (every 7 days) at 00:00 UTC on Sunday
+    - cron: "0 0 * * 0"
+
 on:
   workflow_dispatch:
   pull_request:
@@ -11,8 +25,7 @@ permissions:
   contents: read
 
 env:
-#  IMAGE_REFERENCE: "python:3.13.0-slim"
-  IMAGE_REFERENCE: "alpine:3.17.0"
+  IMAGE_REFERENCE: "python:3.13.0-slim"
 
 jobs:
   generate-and-load-sbom: