PHP-1688: Migrating generation to composer sbom package

Author: ekovalets

.github/actions/sbom-update/action.yml

@@ -14,7 +14,7 @@ runs:
       working-directory: ${{ inputs.working-directory }}
       run: |
         echo "Generating SBOM for 'php' project..."
-        cdxgen -t 'php' --json-pretty --spec-version 1.5 -o ${{ inputs.output-file }} .
+        ./composer CycloneDX:make-sbom --output-file=sbom.json --output-format=json --spec-version=1.5
 
     - name: Validate SBOM
       shell: bash

.github/actions/setup-sbom/action.yml

@@ -9,11 +9,10 @@ inputs:
 runs:
   using: composite
   steps:
-    - name: Setup Node.js (for cdxgen)
-      uses: actions/setup-node@v4
-      with:
-        node-version: '20'
+    - name: Install latest Composer
+      shell: bash
+      run: curl -sS https://getcomposer.org/installer | php -- --install-dir=. --filename=composer
 
     - name: Install cdxgen
       shell: bash
-      run: npm install -g @cyclonedx/cdxgen
+      run: ./composer require --dev cyclonedx/cyclonedx-php-composer --ignore-platform-reqs