diff --git a/jobs/codescan.yml b/jobs/codescan.yml
index ca56b64..44b31f7 100644
--- a/jobs/codescan.yml
+++ b/jobs/codescan.yml
@@ -26,8 +26,8 @@
       #Syft scan for go
       for i in packages/*.tar.gz;
       do filename=${i%.*.tar.gz};
-        filename=${filename##/};
-        syft $i -o cyclonedx-json=$filename.docker.sbom.json;
+        filename="$(basename -- "$filename")"
+        syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
       done
     # End of syft-docker.sh
   artifacts: