Simplify workflow before adding sign step

Author: j28smith

.github/workflows/sbom.yaml

@@ -13,33 +13,14 @@ jobs:
   sbom:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      actions: read
+      contents: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up Syft
-        uses: anchore/sbom-action@v0.20.6
-
       - name: Generate SBOM with Syft
-        run: syft . -o cyclonedx-json=sbom.${{ env.COMPONENT_VERSION }}.cdx.json
-
-
-      - name: Sign SBOM
-        uses: shiftleftcyber/secure-sbom-action@v1.2.0
-        with:
-          sbom_file: sbom.${{ env.COMPONENT_VERSION }}.cdx.json
-          secure_sbom_action: sign
-          api_key: ${{ secrets.SECURE_SBOM_API_KEY }}
-          key_id: ${{ secrets.SECURE_SBOM_KEY_ID }}
-
-      - name: Archive Signed SBOM
-        uses: actions/upload-artifact@v4
+        uses: anchore/sbom-action@v0.20.6
         with:
-          name: secure-sbom-api-signed-sbom
-          path: sbom.${{ env.COMPONENT_VERSION }}.cdx.signed.json
-          retention-days: 30
-
-      - name: Clean up
-        run: rm -f sbom.${{ env.COMPONENT_VERSION }}.cdx.json sbom.${{ env.COMPONENT_VERSION }}.cdx.signed.json
+          path: ./marketing/