Update GitHub Actions workflows to use latest version of upload-sarif… #73

	# https://github.com/microsoft/sbom-tool

	name: SCA - Microsoft SBOM Tool

	on:
	push:
	branches: [main]

	env:
	SRC_PROJECT_PATH: '/webapp01/webapp01.csproj'
	AZURE_WEBAPP_PACKAGE_PATH: './src' # set this to the path to your web app project, defaults to the repository root
	DOTNET_VERSION: '9.0.x' # set this to the dot net version to use

	permissions:
	contents: write
	id-token: write # required to upload artifacts

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Setup .NET Core
	uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
	with:
	dotnet-version: ${{ env.DOTNET_VERSION }}
	- name: dotnet build
	run: \|
	dotnet restore ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }}
	dotnet build --configuration Release ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}${{ env.SRC_PROJECT_PATH }} --output buildOutput

	- name: Generate SBOM
	run: \|
	curl -Lo $RUNNER_TEMP/sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
	chmod +x $RUNNER_TEMP/sbom-tool
	$RUNNER_TEMP/sbom-tool generate -b ./buildOutput -bc . -pn Test -pv 1.0.0 -ps MyCompany -nsb https://sbom.mycompany.com -V Verbose

	- name: Upload a Build Artifact
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	path: buildOutput

	- name: SBOM upload
	uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # v0.1.1
	with:
	filePath: "_manifest/spdx_2.2/"

Provide feedback