DEBUG workflow

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/sca-integration-ort-package-file.yml

@@ -63,11 +63,23 @@ jobs:
             --report-formats CycloneDX,SpdxDocument
 
       - name: DEBUG
-        run: ls -la ${GITHUB_WORKSPACE}/ort-data
+        run: ls -la ${GITHUB_WORKSPACE}/ort-data/results
 
       - name: Upload SBOMs as GitHub Artifact
         uses: actions/upload-artifact@v4
         with:
           name: ort-report
-          path: "${GITHUB_WORKSPACE}/ort-data/*"
+          path: "${GITHUB_WORKSPACE}/ort-data/results"
           retention-days: 20
+
+      - name: Import SBOM into ScanCode.io
+        uses: aboutcode-org/scancode-action@main
+        with:
+          pipelines: "load_sbom"
+          inputs-path: "${GITHUB_WORKSPACE}/ort-data/results/bom.cyclonedx.json"
+          scancodeio-repo-branch: "main"
+
+      - name: Verify SBOM Analysis Results in ScanCode.io
+        shell: bash
+        run: |
+          scanpipe shell --command "from scanpipe.models import DiscoveredPackage, DiscoveredDependency; package_manager = DiscoveredPackage.objects; print(package_manager.count()); print(package_manager.vulnerable().count()); print(DiscoveredDependency.objects.count())"