Update security-scan.yml

hashicorp · Sep 17, 2024 · 03ff05b · 03ff05b
1 parent bc10c47
commit 03ff05b
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -9,20 +9,19 @@ on:
     branches:
       - main
       - release/**
+    paths-ignore:
+      - '_doc/**'
+      - '.changelog/**'
 
 # cancel existing runs of the same workflow on the same ref
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  conditional-skip:
-    uses: ./.github/workflows/reusable-conditional-skip.yml
 
   get-go-version:
     # Cascades down to test jobs
-    needs: [conditional-skip]
-    if: needs.conditional-skip.outputs.skip-ci != 'true'
     uses: ./.github/workflows/reusable-get-go-version.yml
 
   scan:
@@ -46,8 +45,7 @@ jobs:
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           repository: hashicorp/security-scanner
-          #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
-          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+          token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
           path: security-scanner
           ref: main
 
@@ -66,4 +64,4 @@ jobs:
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif