diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index b6a4946..9b12f73 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -720,9 +720,23 @@ jobs:
         run: |
           cd test-sbom
           if [ "${{ matrix.format }}" = "json" ]; then
-            ls -lh *.cdx.json 2>/dev/null || ls -lh test-sbom_*.cdx.json || { echo "No JSON SBOM found"; exit 1; }
+            if compgen -G "*.cdx.json" > /dev/null 2>&1; then
+              ls -lh *.cdx.json
+            elif compgen -G "test-sbom_*.cdx.json" > /dev/null 2>&1; then
+              ls -lh test-sbom_*.cdx.json
+            else
+              echo "No JSON SBOM found"
+              exit 1
+            fi
           else
-            ls -lh *.cdx.xml 2>/dev/null || ls -lh test-sbom_*.cdx.xml || { echo "No XML SBOM found"; exit 1; }
+            if compgen -G "*.cdx.xml" > /dev/null 2>&1; then
+              ls -lh *.cdx.xml
+            elif compgen -G "test-sbom_*.cdx.xml" > /dev/null 2>&1; then
+              ls -lh test-sbom_*.cdx.xml
+            else
+              echo "No XML SBOM found"
+              exit 1
+            fi
           fi
 
   test-generate-sbom-workspace:
@@ -788,7 +802,12 @@ jobs:
           echo "Searching for SBOMs in workspace..."
 
           # Check root
-          ls -lh *.cdx.json 2>/dev/null || true
+          if compgen -G "*.cdx.json" > /dev/null 2>&1; then
+            echo "Root SBOMs:"
+            for file in *.cdx.json; do
+              ls -lh "$file"
+            done
+          fi
 
           # Check each crate
           find . -name "*.cdx.json" -not -path "*/target/*" -type f | while read sbom; do
diff --git a/rust/generate-sbom/action.yaml b/rust/generate-sbom/action.yaml
index 1778880..a8fc9df 100644
--- a/rust/generate-sbom/action.yaml
+++ b/rust/generate-sbom/action.yaml
@@ -104,9 +104,11 @@ runs:
         echo "Generated SBOM files:"
 
         # Check root directory
-        if ls *.cdx.* 2>/dev/null; then
+        if compgen -G "*.cdx.*" > /dev/null 2>&1; then
           echo "Root directory SBOMs:"
-          ls -lh *.cdx.*
+          for file in *.cdx.*; do
+            ls -lh "$file"
+          done
         fi
 
         # Check each crate directory (for workspace with describe=crate)
@@ -121,7 +123,9 @@ runs:
             if compgen -G "$crate_dir/*.cdx.*" > /dev/null 2>&1; then
               echo ""
               echo "SBOMs in $crate_dir:"
-              ls -lh "$crate_dir"/*.cdx.*
+              for file in "$crate_dir"/*.cdx.*; do
+                ls -lh "$file"
+              done
             fi
           done
         fi
@@ -131,12 +135,16 @@ runs:
           echo ""
           echo "Searching for SBOMs in target directories..."
           find target -name "*.cdx.*" -type f 2>/dev/null | while read sbom_file; do
-            echo "  $(ls -lh "$sbom_file")"
+            ls -lh "$sbom_file"
           done
         fi
 
         # Summary count
         echo ""
         total_sboms=$(find . -name "*.cdx.*" -not -path "*/target/*" -not -path "*/.git/*" -type f 2>/dev/null | wc -l | tr -d ' ')
-        target_sboms=$(find target -name "*.cdx.*" -type f 2>/dev/null | wc -l | tr -d ' ')
+        if [ -d "target" ]; then
+          target_sboms=$(find target -name "*.cdx.*" -type f 2>/dev/null | wc -l | tr -d ' ')
+        else
+          target_sboms=0
+        fi
         echo "Total SBOMs found: $total_sboms in workspace, $target_sboms in target/"