diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml
index d5fea9e..d946d6e 100644
--- a/.github/workflows/ci-main-pull-request.yml
+++ b/.github/workflows/ci-main-pull-request.yml
@@ -340,6 +340,11 @@ on:
 required: false
 type: boolean
 default: true
+ run-bundle-install: # Added to support projects without committed Gemfile.lock (e.g., chef-cli)
+ description: 'Run bundle install before scanning to generate Gemfile.lock at runtime'
+ required: false
+ type: boolean
+ default: false
 udf1:
 description: 'User defined flag 1'
 required: false
@@ -727,6 +732,11 @@ jobs:
 # - name: Build for Ruby binary
 # simple bundle install to generate gemlock(puts them in directory vendor/bundle, and uses actual gemspec for deployment to get multi-architecture ), then build gem
 # https://bundler.io/man/bundle-install.1.html
+ - name: Set up Ruby # Fixed: Ruby setup was missing, causing "bundle: command not found" errors
+ if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }}
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '3.4'
 - name: 'Ruby build'
 if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }}
 run: |
@@ -734,8 +744,8 @@ jobs:
 if [ -f "Gemfile.lock" ]; then
 bundle install --deployment
 else
- echo "No .gemlock file found, creating it now"
- bundle install --path vendor/bundle --deployment
+ echo "No Gemfile.lock found, creating it now"
+ bundle install --path vendor/bundle # Fixed: Removed --deployment flag when lockfile doesn't exist
 fi
 bundle exec rake build
@@ -1281,7 +1291,7 @@ jobs:
 generate-sbom:
 name: 'Generating SBOM'
 if: ${{ inputs.generate-sbom == true }}
- uses: chef/common-github-actions/.github/workflows/sbom.yml@main
+ uses: chef/common-github-actions/.github/workflows/sbom.yml@nikhil/create-lock-file-runtime
 needs: ci-build
 secrets: inherit
 with:
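Review bot: The added 'Set up Ruby' step references `ruby/setup-ruby@v1`, a mutable tag on a third-party action, so whatever that tag points to at run time executes inside the build job; the same reference appears in the new 'Set up Ruby and run bundle install' step in sbom.yml. Pinning both to a full commit SHA with the release as a trailing comment, `uses: ruby/setup-ruby@<full-commit-sha> # v1.x`, makes the executed code reviewable and still lets an update bot propose bumps. `ruby-version: '3.4'` is also hard-coded in both places; if callers target other Ruby versions, a workflow input or the repository's `.ruby-version` would be a better source. The trailing `# Fixed: ...` remark is commit history and belongs in the commit message rather than on the step.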
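Review bot: In the `else` branch of the 'Ruby build' script, `bundle install --path vendor/bundle` now resolves dependencies at build time with no lockfile, so `bundle exec rake build` runs against whatever versions resolve on that day and nothing records which ones were used. Printing or uploading the generated `Gemfile.lock` as a build artifact would make the resolved set auditable after the fact. Separately, `--path` and `--deployment` are deprecated as command-line flags in Bundler 2.x; `bundle config set --local path vendor/bundle` followed by a plain `bundle install` is the supported form. The inline `# Fixed: ...` text would read better as a why-comment such as `# no lockfile yet: --deployment requires one, so resolve freely`. The script begins above this hunk, so earlier lines of it are not visible here.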
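Review bot: The `generate-sbom` job now calls `sbom.yml@nikhil/create-lock-file-runtime`, a personal feature branch, while still passing `secrets: inherit`, so every consumer of this shared workflow would hand its secrets to whatever that branch contains at run time. The reference will also stop resolving once the branch is deleted after merge. This looks like a testing reference that should return to `uses: chef/common-github-actions/.github/workflows/sbom.yml@main` (or a tag or commit SHA) before the change lands. The job's `with:` block continues below this hunk.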
@@ -1294,6 +1304,7 @@ jobs:
 generate-msft-sbom: ${{ inputs.generate-msft-sbom }}
 license_scout: ${{ inputs.license_scout }}
 go-private-modules: ${{ inputs.go-private-modules }}
+ run-bundle-install: ${{ inputs.run-bundle-install }} # Passed to sbom.yml to generate Gemfile.lock at runtime
 quality-dashboard:
 name: 'Reporting to quality dashboard'
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index e957a6c..86774da 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -65,6 +65,11 @@ on:
 go-private-modules:
 required: false
 type: string
+ run-bundle-install:
+ description: 'Run bundle install before scanning to generate Gemfile.lock at runtime'
+ required: false
+ type: boolean
+ default: false
 env:
 # Set the default SBOM filename prefix
@@ -190,6 +195,13 @@ jobs:
 - name: Checkout source
 uses: actions/checkout@v6
+ - name: Set up Ruby and run bundle install
+ if: ${{ inputs.run-bundle-install == true }}
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '3.4'
+ bundler-cache: true
+
 - name: Configure git for private Go modules
 env:
 GOPRIVATE: ${{ inputs.go-private-modules }}
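Review bot: With `bundler-cache: true` the 'Set up Ruby and run bundle install' step resolves a fresh `Gemfile.lock` inside the SBOM job, independently of the resolution done by the 'Ruby build' step in ci-main-pull-request.yml, so the SBOM can list dependency versions that differ from those the artifact was built with. If the SBOM is meant to describe the shipped artifact, generate the lockfile once in the build job and hand it to this job as an artifact, or at least upload the lockfile used for the scan alongside the SBOM. Installing gems also evaluates the repository's Gemfile in a job the caller invokes with `secrets: inherit`, so it is worth confirming that no secrets sit in job-level `env` and that the job's token permissions are minimal. The remaining steps of the job are outside this hunk. A short comment on the step, such as `# resolves Gemfile.lock at scan time for repos that do not commit one`, would document why it is conditional.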