shiftleftcyber · VinnyBarton · Mar 18, 2026 · Mar 18, 2026
diff --git a/.github/workflows/generate-and-scan-sbom.yml b/.github/workflows/generate-and-scan-sbom.yml
@@ -98,20 +98,20 @@ jobs:
           path: .
 
       - name: Sign SBOM via SecureSBOM
-        uses: shiftleftcyber/secure-sbom-action@v1.3.1
+        uses: shiftleftcyber/secure-sbom-action@v2.2.0
         with:
           sbom_file: sbom-validator.${{ needs.setup.outputs.sanitized_branch_name }}.cdx.json
-          secure_sbom_action: sign
-          api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
-          key_id: ${{ secrets.SECURE_SBOM_KEYID }}
+          secure_sbom_action: sign_sbom
+          secure_sbom_api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
+          secure_sbom_signing_key_id: ${{ vars.SECURE_SBOM_SIGNING_KEY_ID }}
 
       - name: Verify SBOM via SecureSBOM
-        uses: shiftleftcyber/secure-sbom-action@v1.3.1
+        uses: shiftleftcyber/secure-sbom-action@v2.2.0
         with:
             sbom_file: sbom-validator.${{ needs.setup.outputs.sanitized_branch_name }}.cdx.signed.json
-            secure_sbom_action: verify
-            api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
-            key_id: ${{ secrets.SECURE_SBOM_KEYID }}
+            secure_sbom_action: verify_sbom
+            secure_sbom_api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
+            secure_sbom_signing_key_id: ${{ vars.SECURE_SBOM_SIGNING_KEY_ID }}
 
       - name: Upload Signed SBOM
         uses: actions/upload-artifact@v4