From d805c39dea8b17fcfe0ffd39c2d10850d39e98ce Mon Sep 17 00:00:00 2001
From: Nat Dean-Lewis <nat.dean-lewis@softwire.com>
Date: Wed, 17 Jun 2026 10:31:39 +0100
Subject: [PATCH] CLDC-4473: upload sbom directly

---
 .github/workflows/upload-sbom.yml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/upload-sbom.yml b/.github/workflows/upload-sbom.yml
index f1c02a0ec..da41affce 100644
--- a/.github/workflows/upload-sbom.yml
+++ b/.github/workflows/upload-sbom.yml
@@ -41,12 +41,15 @@ jobs:
 
       - run: syft . -o cyclonedx-xml=bom.xml
 
-      - uses: DependencyTrack/gh-upload-sbom@v3
-        with:
-          serverhostname: api-deps.softwire.com
-          apikey: ${{ secrets.DTRACK_API_KEY }}
-          autocreate: true
-          projectname: CORE
-          projectversion: ${{ inputs.projectversion }}
-          parentname: Support
-          bomfilename: bom.xml
+      - name: Upload SBOM to Dependency-Track
+        env:
+          DTRACK_API_KEY: ${{ secrets.DTRACK_API_KEY }}
+          SBOM_VERSION: ${{ inputs.projectversion }}
+        run: |
+          curl -sSf -X POST "https://api-deps.softwire.com/api/v1/bom" \
+            -H "X-Api-Key: $DTRACK_API_KEY" \
+            -F "autoCreate=true" \
+            -F "projectName=CORE" \
+            -F "projectVersion=$SBOM_VERSION" \
+            -F "parentName=Support" \
+            -F "bom=@bom.xml"