🔒 upload sbom to dependency track

Author: Yoan Moscatelli

.github/workflows/generate-sbom.yaml

@@ -83,7 +83,7 @@ jobs:
           echo "METALK8S_VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Generate sbom for extracted ISO
-        uses: scality/sbom@v2.1.0
+        uses: scality/sbom@v2
         with:
           target: ${{ env.BASE_PATH }}/iso/metalk8s.iso
           target_type: iso
@@ -94,6 +94,15 @@ jobs:
           merge: true
           merge_hierarchical: true
 
+      - name: Upload sbom to Dependency-Track
+        uses: scality/sbom-upload@v1
+        with:
+          url: ${{ vars.DEPENDENCY_TRACK_HOSTNAME }}
+          api-key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          hierarchy-input-dir: ${{ env.SBOM_PATH }}
+          generate-hierarchy: true
+          hierarchy-upload: true
+
       - name: Generate archive
         shell: bash
         run: |