Fix Anchore SBOM artifact naming issue (#668)

aaronlippold · web-flow · commit 502f1825a421 · 2025-06-09T00:01:54.000-04:00
Update Anchore SBOM action to latest version The workflow was failing with 'artifact name image.spdx.json is not valid' error. This appears to be due to using an old pinned version of the action from 2022. - Updated from specific commit hash to v0 (latest stable version) - This should resolve intermittent artifact upload failures - The newer version includes fixes for various artifact naming issues Fixes the error seen in: https://github.com/mitre/vulcan/actions/runs/15525433955/job/43704379533
diff --git a/.github/workflows/anchore-syft.yml b/.github/workflows/anchore-syft.yml
@@ -31,7 +31,7 @@ jobs:
     - name: Build the Docker image
       run: docker build . --file Dockerfile --tag localbuild/testimage:latest
     - name: Scan the image and upload dependency results
-      uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
+      uses: anchore/sbom-action@v0
       with:
         image: "localbuild/testimage:latest"
         artifact-name: image.spdx.json
