tinyfish-io · akuzminsky · Mar 26, 2025 · Mar 26, 2025 · Mar 26, 2025 · Mar 26, 2025
@@ -1,26 +1,22 @@
 ---
 name: OSV-Scanner PR Scan
 
-on:  # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
   pull_request:
     branches: [main]
   merge_group:
     branches: [main]
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Only need to read contents
   contents: read
-  pull-requests: write
-
-env:
-  GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
 jobs:
   vulnerability-check:
-    runs-on: ["self-hosted", "Linux"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Detect vulnerabilities
-        run: |
-          ih-github scan \
-            --repo ${{ github.repository }} \
-            --pull-request ${{ github.event.pull_request.number }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.9.2"
+    with:
+      upload-sarif: false
diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json