Pin gh-action-scan to full commit SHA (org requirement) #3

	name: Security Scan

	on:
	workflow_dispatch:
	push:
	branches:
	- java-security

	jobs:
	build-and-scan:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0

	- name: Set up JDK 8
	uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde # v1.4.4
	with:
	java-version: 8

	- name: Cache Maven packages
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	- name: Build JAR
	run: mvn --errors package -DskipTests -pl databricks-sdk-java

	- name: Security scan
	uses: databricks-eng/gh-action-scan@1c260de6986f77d8c505975ce434830a7afdb95f # main
	with:
	artifact-path: databricks-sdk-java/target/
	artifact-name: databricks-sdk-java

Provide feedback