diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index eea9f4e..7fd8b09 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -39,11 +39,14 @@ jobs:
 name: Trivy dependency map
 runs-on: ubuntu-latest
 steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
 uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: 'fs'
- format: 'github'
+ format: 'spdx'
 output: 'dependency-results.sbom.json'
 image-ref: '.'
 github-pat: ${{ secrets.GITHUB_TOKEN }}
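Review bot: With `format: 'spdx'` the step name and the `github-pat` input no longer match what the step does: as far as I know, trivy-action only submits a dependency snapshot when the format is `github`, so this change likely stops feeding the Dependency Graph without any visible failure. `spdx` is also Trivy's tag-value output while the file is still named `dependency-results.sbom.json`; if an SPDX document is the goal, `format: 'spdx-json'` matches the filename, and the step should be renamed and `github-pat` dropped if submission is no longer intended. The added `actions/checkout@v4` is referenced by a mutable tag and by default leaves the token in the local git config; consider `uses: actions/checkout@<full-commit-sha>  # v4` together with `persist-credentials: false`. The job's `permissions:` block is outside this hunk, so whether `GITHUB_TOKEN` is already scoped down cannot be confirmed from here.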