Merge pull request #45 from gcmurphy/bug/workflows

Repair semgrep

Author: gcmurphy

.github/workflows/semgrep.yml

@@ -22,9 +22,8 @@ jobs:
       security-events: write
     if: (github.action != 'dependabot[bot]')
     steps:
-      - name: Semgrep Scan
-        uses: actions/checkout@v3
-        run: semgrep ci --sarif semgrep-results.sarif
+      - uses: actions/checkout@v3
+      - run: semgrep ci --sarif-output=semgrep-results.sarif
         env:
           SEMGREP_RULES: >-
             p/security-audit

Cargo.toml

@@ -29,6 +29,7 @@ cargo-fuzz = "0.12.0"
 cargo-release = "0.25.10"
 textwrap = { version = "0.16.1", features = ["default", "terminal_size"] }
 tokio-test = "0.4.3"
+cargo-sbom = "0.9.1"
 
 [features]
 default = ["schema"]