Fix CycloneDX SBOM generation command syntax and improve error handling

Signed-off-by: DavidOsipov <[email protected]>

Author: DavidOsipov

.github/workflows/sonarqube.yml

@@ -135,18 +135,17 @@ jobs:
           # Install the correct package
           poetry run pip install cyclonedx-bom
           
-          # Generate SBOM in JSON format from Poetry project with improved options
-          # --pyproject helps find project metadata including name
-          # Use correct format for specifying groups with proper quotes
-          poetry run cyclonedx-py poetry --with "dev" --pyproject pyproject.toml -o cyclonedx_report.json --of JSON .
+          # Generate SBOM in JSON format from Poetry project with correct parameter syntax
+          # Remove the trailing dot and fix the --with parameter syntax
+          poetry run cyclonedx-py poetry --with dev --pyproject pyproject.toml -o cyclonedx_report.json --of JSON --validate
           
           # Add error handling and debugging
           if [ -f "cyclonedx_report.json" ]; then
             echo "✅ Successfully generated cyclonedx_report.json"
           else
             echo "❌ Failed to generate cyclonedx_report.json"
             # Create a minimal valid file to prevent upload failure
-            echo '{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"metadata":{"component":{"name":"PostQuantum-Feldman-VSS","type":"application"}},"components":[]}' > cyclonedx_report.json
+            echo '{"bomFormat":"CycloneDX","specVersion":"1.5","version":1,"metadata":{"component":{"name":"PostQuantum-Feldman-VSS","type":"application"}},"components":[]}' > cyclonedx_report.json
           fi
 
       - name: Initialize CodeQL