Update SBOM action version to v0.2.0

[felickz]

No description provided.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1e5b017.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/advanced-security/spdx-dependency-submission-action	169d22427d74f3faf93504e70b03eede8dab272a	🟢 6.6	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 6 Found 3/5 approved changesets -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• .github/workflows/build.yml

[Copilot]

Pull request overview

Updates the pinned commit of the SBOM upload GitHub Action to the v0.2.0 release.

Changes:

• Bumps advanced-security/spdx-dependency-submission-action from v0.1.1 to v0.2.0 (commit pin update).