Update dependabot.yml #56

	name: npm-artifacts
	on:
	push:
	branches:
	- main

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	attestations: write

	steps:
	- name: Checkout repo
	uses: actions/checkout@v3

	- name: Setup Node
	uses: actions/setup-node@v3

	- name: Install dependencies
	uses: bahmutov/npm-install@v1

	- name: Build project
	run: \|
	npm run build
	npm sbom --omit dev --package-lock-only --sbom-format cyclonedx \| jq >npm.cdx.json

	- name: Upload semgrep.sarif.json
	uses: actions/upload-artifact@v4
	with:
	name: semgrep_sarif
	path: semgrep.sarif.json

	- name: Upload npm.cdx.json
	uses: actions/upload-artifact@v4
	with:
	name: sbom
	path: npm.cdx.json

	- name: Generate SBOM attestation
	uses: actions/attest-sbom@v1
	env:
	INPUT_PRIVATE-SIGNING: 'true'
	with:
	subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
	subject-name: 'subject'
	sbom-path: npm.cdx.json

Provide feedback