From e9e08c62337cf3f14555574ab29e47e7739d9e9c Mon Sep 17 00:00:00 2001
From: Vinny Barton <vbarton@shiftleftcyber.io>
Date: Wed, 18 Mar 2026 11:40:24 -0400
Subject: [PATCH] chore: update version of SecureSBOM Action

---
 .github/workflows/generate-and-scan-sbom.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/generate-and-scan-sbom.yml b/.github/workflows/generate-and-scan-sbom.yml
index f19fa90..e969fcc 100644
--- a/.github/workflows/generate-and-scan-sbom.yml
+++ b/.github/workflows/generate-and-scan-sbom.yml
@@ -98,20 +98,20 @@ jobs:
           path: .
     
       - name: Sign SBOM via SecureSBOM
-        uses: shiftleftcyber/secure-sbom-action@v1.3.1
+        uses: shiftleftcyber/secure-sbom-action@v2.2.0
         with:
           sbom_file: sbom-validator.${{ needs.setup.outputs.sanitized_branch_name }}.cdx.json
-          secure_sbom_action: sign
-          api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
-          key_id: ${{ secrets.SECURE_SBOM_KEYID }}
+          secure_sbom_action: sign_sbom
+          secure_sbom_api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
+          secure_sbom_signing_key_id: ${{ vars.SECURE_SBOM_SIGNING_KEY_ID }}
       
       - name: Verify SBOM via SecureSBOM
-        uses: shiftleftcyber/secure-sbom-action@v1.3.1
+        uses: shiftleftcyber/secure-sbom-action@v2.2.0
         with:
             sbom_file: sbom-validator.${{ needs.setup.outputs.sanitized_branch_name }}.cdx.signed.json
-            secure_sbom_action: verify
-            api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
-            key_id: ${{ secrets.SECURE_SBOM_KEYID }}
+            secure_sbom_action: verify_sbom
+            secure_sbom_api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
+            secure_sbom_signing_key_id: ${{ vars.SECURE_SBOM_SIGNING_KEY_ID }}
 
       - name: Upload Signed SBOM
         uses: actions/upload-artifact@v4