diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml
index 3b99931..38cd0af 100644
--- a/.github/workflows/ci-main-pull-request.yml
+++ b/.github/workflows/ci-main-pull-request.yml
@@ -784,6 +784,13 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.4'
+          bundler-cache: false
+
+      - name: Configure Bundler for private Ruby gems
+        if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }}
+        run: |
+          bundle config set --local github.com "x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}"
+
       - name: 'Ruby build'
         if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }}
         continue-on-error: true
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index c5cab7f..1b50694 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -202,12 +202,17 @@ jobs:
       - name: Checkout source
         uses: actions/checkout@v6
 
-      - name: Set up Ruby and run bundle install
-        if: ${{ inputs.language == 'ruby' }} # only run for Ruby projects where we need to generate Gemfile.lock at runtime, inputs.run-bundle-install == true 
+      - name: Set up Ruby
+        if: ${{ inputs.language == 'ruby' }}
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.4'
-          bundler-cache: true
+          bundler-cache: false
+
+      - name: Configure Bundler for private Ruby gems
+        if: ${{ inputs.run-bundle-install == true && inputs.language == 'ruby' }}
+        run: |
+          bundle config set --local github.com "x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}"
 
       - name: Configure git for private Go modules
         if : ${{ inputs.go-private-modules != '' }}