Update DAST ZAP workflow to start application if not running and fix SBOM workflow permissions

Author: CalinL

.github/workflows/DAST-ZAP-Zed-Attach-Proxy-Checkmarx.yml

@@ -39,6 +39,7 @@ jobs:
           if ! curl -s --head --request GET ${{ env.ZAP_TARGET }} | grep "200 OK" > /dev/null; then
             echo "Application is not running. Building and starting the application..."
             docker build ./src/webapp01 --file ./src/webapp01/Dockerfile -t ${{ env.imageName }}:${{ env.tag }}
+            echo "Starting the application..."
             docker run -d --rm -p ${{ env.HOST_PORT }}:${{ env.CONTAINER_PORT }} ${{ env.imageName }}:${{ env.tag }}
           else
             echo "Application is already running."

.github/workflows/SCA-Anchore-Syft-SBOM.yml

@@ -1,7 +1,7 @@
 # https://github.com/anchore/syft
 # https://github.com/anchore/sbom-action
 
-name: CSA - Anchore Syft SBOM Scan
+name: SCA - Anchore Syft SBOM Scan
 
 on:
   push:
@@ -35,10 +35,10 @@ jobs:
         uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
         with:
           image: "${{ env.imageName }}:${{ env.tag }}"
-          artifact-name: image.spdx.json
+          artifact-name: sbom.spdx
           dependency-snapshot: true
 
       - name: SBOM upload 
         uses: advanced-security/spdx-dependency-submission-action@v0.1.1
         with:
-          filePath: "image.spdx.json"
+          filePath: "sbom.spdx"

.github/workflows/SCA-Microsoft-SBOM.yml

@@ -12,7 +12,7 @@ env:
   DOTNET_VERSION: '9.0.x'                       # set this to the dot net version to use
 
 permissions:
-  contents: read
+  contents: write
   id-token: write # required to upload artifacts
 
 jobs: