From b688bcb99da178d6979f598ae4a8cd8ef014ae22 Mon Sep 17 00:00:00 2001
From: Mostafa Moradian
Date: Tue, 13 Feb 2024 12:53:40 +0100
Subject: [PATCH] Use actions for syft and cyclonedx-gomod
---
 .github/workflows/release.yaml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 290c8d9b..ff0c833d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -57,13 +57,16 @@ jobs:
 ghcr.io/gatewayd-io/gatewayd:${{ github.ref_name }}
 ghcr.io/gatewayd-io/gatewayd:latest
 - name: Scan Docker image with Syft and generate SBOM
- run: |
- go install github.com/anchore/syft/cmd/syft@latest
- syft packages docker:gatewaydio/gatewayd:${{ github.ref_name }} --file gatewayd-image-${{ github.ref_name }}.cyclonedx.json --output cyclonedx-json
+ uses: anchore/sbom-action@v0
+ with:
+ image: docker:gatewaydio/gatewayd:${{ github.ref_name }}
+ format: cyclonedx-json
+ output-file: gatewayd-image-${{ github.ref_name }}.cyclonedx.json
 - name: Scan source code and generate SBOM
- run: |
- go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
- cyclonedx-gomod mod -json -licenses -output gatewayd-source-${{ github.ref_name }}.cyclonedx.json
+ uses: CycloneDX/gh-gomod-generate-sbom@v2
+ with:
+ version: v1
+ args: mod -json -licenses -output gatewayd-source-${{ github.ref_name }}.cyclonedx.json
 - name: Create release and add artifacts
 uses: softprops/action-gh-release@v1
 with:
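Review bot: Both new `uses:` lines reference third-party actions by mutable tag (`anchore/sbom-action@v0`, `CycloneDX/gh-gomod-generate-sbom@v2`), and `version: v1` floats as well, so the code executed in this release job can change without any change to this file. The job appears to hold registry credentials and a token able to create releases (inferred from the surrounding push and release steps), so I would pin each action to a full commit SHA with the tag kept as a comment, e.g. `uses: anchore/sbom-action@<full-commit-sha>  # v0`, and set `version:` to an exact cyclonedx-gomod release. The image SBOM is also resolved by tag (`docker:gatewaydio/gatewayd:${{ github.ref_name }}`); if the build step outside this hunk exposes a digest, scanning by that digest would tie the SBOM to the exact image that was published. The job definition starts and continues outside the hunk.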