switched to spdx

redhat-cop · Nov 27, 2023 · 172889a · 172889a
1 parent f5ed37a
commit 172889a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/pr-operator.yml b/.github/workflows/pr-operator.yml
@@ -270,8 +270,8 @@ jobs:
         with:
           scan-type: image
           image-ref: ${{ env.OPERATOR_IMAGE_REPOSITORY }}:latest-${{ steps.setup-build-step.outputs.platform_os }}-${{ steps.setup-build-step.outputs.platform_arch }}
-          format: "cyclonedx"
-          output: "operator-cyclonedxsbom.json"
+          format: "spdx-json"
+          output: "operator-spdxjson.json"
 
       - name: Prepare Distribution Artifacts
         shell: bash
@@ -394,8 +394,8 @@ jobs:
         with:
           scan-type: image
           image-ref: ${{ env.BUNDLE_IMAGE_REPOSITORY }}:latest-${{ steps.setup-build-step.outputs.platform_os }}-${{ steps.setup-build-step.outputs.platform_arch }}
-          format: "cyclonedx"
-          output: "bundle-cyclonedxsbom.json"
+          format: "spdx-json"
+          output: "bundle-spdxjson.json"
 
       - name: Prepare Distribution Artifacts
         shell: bash

diff --git a/.github/workflows/release-operator.yml b/.github/workflows/release-operator.yml
@@ -354,15 +354,15 @@ jobs:
         with:
           scan-type: image
           image-ref: ${{ env.OPERATOR_IMAGE_REPOSITORY }}@${{ steps.build_push.outputs.digest }}
-          format: "cyclonedx"
-          output: "cyclonedx-sbom.json"
+          format: "spdx-json"
+          output: "spdx-json.json"
 
       - name: Attach attestations for Operator Image
         env:
           IMAGE_URI: ${{ env.OPERATOR_IMAGE_REPOSITORY }}@${{ steps.build_push.outputs.digest }}
         run: |
           cosign attest --yes --type vuln --predicate cosign-vuln.json ${IMAGE_URI}
-          cosign attest --yes --type cyclonedx --predicate cyclonedx-sbom.json ${IMAGE_URI}
+          cosign attest --yes --type spdx --predicate spdx-json.json ${IMAGE_URI}
 
       - name: Prepare Distribution Artifacts
         shell: bash
@@ -557,15 +557,15 @@ jobs:
         with:
           scan-type: image
           image-ref: ${{ env.BUNDLE_IMAGE_REPOSITORY }}@${{ steps.build_push.outputs.digest }}
-          format: "cyclonedx"
-          output: "cyclonedx-sbom.json"
+          format: "spdx-json"
+          output: "spdx-json.json"
 
       - name: Attach attestations for Bundle Image
         env:
           IMAGE_URI: ${{ env.BUNDLE_IMAGE_REPOSITORY }}@${{ steps.build_push.outputs.digest }}
         run: |
           cosign attest --yes --type vuln --predicate cosign-vuln.json ${IMAGE_URI}
-          cosign attest --yes --type cyclonedx --predicate cyclonedx-sbom.json ${IMAGE_URI}
+          cosign attest --yes --type spdx --predicate spdx-json.json ${IMAGE_URI}
 
       - name: Prepare Distribution Artifacts
         shell: bash