DEBUG workflow

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-osv.yml

@@ -31,11 +31,12 @@ jobs:
       - name: Run OSV Scanner
         uses: docker://ghcr.io/google/osv-scanner-action:v2.2.1
         with:
-          args: scan image --archive alpine_3.17.0.tar --format spdx-2-3 --all-packages > osv-scanner.spdx.json || true
+#          args: scan image --archive alpine_3.17.0.tar --format spdx-2-3 --all-packages > osv-scanner.spdx.json || true
+          args: scan image --archive alpine_3.17.0.tar --format cyclonedx-1-5 --all-packages > osv-scanner.cdx.json || true
 
       - name: Upload SBOM as GitHub Artifact
         uses: actions/upload-artifact@v4
         with:
           name: osv-scanner-sbom-report
-          path: osv-scanner.spdx.json
+          path: osv-scanner.cdx.json
           retention-days: 20