From 6bb7c8c6b7c5856d277636852cc028c58677d185 Mon Sep 17 00:00:00 2001
From: Yilong Guo
Date: Mon, 11 Nov 2024 10:14:36 +0800
Subject: [PATCH] [CI] update trivy
---
 .github/workflows/trivy.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index eea9f4e2..7fd8b09b 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -39,11 +39,14 @@ jobs:
 name: Trivy dependency map
 runs-on: ubuntu-latest
 steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
 uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: 'fs'
- format: 'github'
+ format: 'spdx'
 output: 'dependency-results.sbom.json'
 image-ref: '.'
 github-pat: ${{ secrets.GITHUB_TOKEN }}
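Review bot: Switching to `format: 'spdx'` leaves the rest of the step inconsistent: its name still promises "GitHub SBOM mode and submit results to Dependency Graph", the output is still called `dependency-results.sbom.json` although Trivy's `spdx` format is tag-value text (the JSON variant is `format: 'spdx-json'`), and `github-pat: ${{ secrets.GITHUB_TOKEN }}` is still handed to the action. As far as I can tell the action only uses that token for the snapshot upload in `github` format, so it is probably unused now and should be dropped rather than passed to a third-party action. Rename the step and pick either `spdx-json` or a non-`.json` output name. The new checkout step is pinned to the mutable tag `actions/checkout@v4` and keeps the token in the workspace git config by default; consider pinning it to a full commit SHA and adding `with:` / `persist-credentials: false`, since nothing visible here pushes. The job header and any `permissions:` block are outside the hunk, so I could not check whether the token scope was narrowed to match.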