fix path and plugin

dduzgun-security · dduzgun-security · commit c78f4b628562 · 2025-06-05T13:50:45.000-04:00
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -35,8 +35,15 @@ jobs:
     if: ${{ (github.repository != 'hashicorp/nomad' || (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name))
       && (github.actor != 'dependabot[bot]') && (github.actor != 'hc-github-team-nomad-core') }}
 
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+            path: code
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: 3.x
@@ -63,7 +70,8 @@ jobs:
         id: scan
         uses: ./security-scanner
         with:
-          repository: "$PWD"
+          repository: "code"
+          plugins: "codeql semgrep"
         env:
           SECURITY_SCANNER_CONFIG_FILE: .github/scan.hcl
           # See scan.hcl at repository .github location for config.
