diff --git a/config.json b/config.json
index 21705ff..c8df556 100644
--- a/config.json
+++ b/config.json
@@ -1386,12 +1386,9 @@
         "metrics" : {
             "NEEDREPOS" : ["bitbake", "meta-openembedded"],
             "extravars" : [
-                "INHERIT += 'cve-check'",
+                "OE_FRAGMENTS += 'core/yocto/sbom-cve-check'",
+                "INHERIT += 'sbom-cve-check-recipe'",
                 "BB_DISKMON_DIRS = ''",
-                "CVE_CHECK_FORMAT_JSON = '1'",
-                "CVE_CHECK_SHOW_WARNINGS = '0'",
-                "CVE_DB_UPDATE_INTERVAL = '21600'",
-                "CVE_DB_INCR_UPDATE_AGE_THRES = '21600'",
                 "LICENSE_FLAGS_ACCEPTED = 'commercial'",
                 "BB_SERVER_TIMEOUT = '0'"
             ],
diff --git a/scripts/run-cvecheck b/scripts/run-cvecheck
index 878bdfa..43bf37f 100755
--- a/scripts/run-cvecheck
+++ b/scripts/run-cvecheck
@@ -74,18 +74,21 @@ fi
 set +u
 source ./init-build-env build
 set -u
-bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc
 
+bitbake meta-world-recipe-sbom -R conf/distro/include/cve-extra-exclusions.inc -c sbom_cve_check_recipe
 # Do another pull to make sure we're as up to date as possible.  This is
 # preferable to committing and rebasing before pushing as it would be better to
 # waste some time repeating work than commit potentially corrupted files from a
 # git merge gone wrong.
 git -C $METRICSDIR pull
 
-if [ -e tmp/log/cve/cve-summary.json ]; then
+# Use the latest report, in case the build tree has more than one
+CVE_REPORT=$(ls -t tmp/deploy/images/*/world-recipe-sbom.sbom-cve-check.yocto.json | head -n1)
+
+if [ -e $CVE_REPORT ]; then
     git -C $METRICSDIR rm --ignore-unmatch cve-check/$BRANCH/*.json
     mkdir -p $METRICSDIR/cve-check/$BRANCH/
-    cp tmp/log/cve/cve-summary.json $METRICSDIR/cve-check/$BRANCH/$TIMESTAMP.json
+    cp $CVE_REPORT $METRICSDIR/cve-check/$BRANCH/$TIMESTAMP.json
     git -C $METRICSDIR add cve-check/$BRANCH/$TIMESTAMP.json
     git -C $METRICSDIR commit -asm "Autobuilder adding new CVE data for branch $BRANCH" || true
     if [ "$PUSH" = "1" ]; then
@@ -95,7 +98,7 @@ if [ -e tmp/log/cve/cve-summary.json ]; then
         fi
         git -C $METRICSDIR push
     fi
-    $OURDIR/cve-report.py tmp/log/cve/cve-summary.json > $RESULTSDIR/cve-status-$BRANCH.txt
+    $OURDIR/cve-report.py $CVE_REPORT > $RESULTSDIR/cve-status-$BRANCH.txt
 fi
 
 if [ "$BRANCH" = "master" ]; then