From f1dd1d1e181c08db13b144c9ee23a2f88cdd6256 Mon Sep 17 00:00:00 2001
From: Akhil Anand
Date: Thu, 5 Oct 2023 16:22:40 +0530
Subject: [PATCH 1/2] feature-5232-Security-Scans-OSV-Scanner

---
 .github/workflows/osv-scanner.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/osv-scanner.yml

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
new file mode 100644
index 0000000000..e4ee26c79b
--- /dev/null
+++ b/.github/workflows/osv-scanner.yml
@@ -0,0 +1,27 @@
+name: OSV Scanner
+
+on:
+ pull_request:
+ push:
+
+jobs:
+ OSV-Scanner:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Install Golang
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.19'
+
+ - name: Install OSV Scanner
+ run: |
+ go install github.com/google/osv-scanner/cmd/osv-scanner@latest
+
+ - name: Scan for Vulnerabilities
+ run: |
+ osv-scanner -r .

From 8eb5b3467a5e47095214554bfb80d8280151012c Mon Sep 17 00:00:00 2001
From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:00:23 +0000
Subject: [PATCH 2/2] feat(security): add github workflow to check dependencies

This workflow action uses OSV Scanner, an open source vulnerability scanner by Google. We're using OSV Scanner because it has:
* good usability - JSON output and multiple options
* good accuracy - OSV database from google and support for multiple languages including PHP
---
 .github/workflows/check-dependencies.yml | 19 +++++++++++++++++
 .github/workflows/osv-scanner.yml | 27 ------------------------
 2 files changed, 19 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/check-dependencies.yml
 delete mode 100644 .github/workflows/osv-scanner.yml

diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml
new file mode 100644
index 0000000000..17caf3aa6b
--- /dev/null
+++ b/.github/workflows/check-dependencies.yml
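Review bot: The `Install OSV Scanner` step fetches the scanner with `go install ...@latest`, so each run compiles whatever the module's newest tag happens to be; a tool whose verdict gates pull requests should be pinned to a fixed release, e.g. `go install github.com/google/osv-scanner/cmd/osv-scanner@<pinned-release-tag>`. The workflow also declares no `permissions:` block, so the job inherits the repository's default GITHUB_TOKEN scopes although the steps shown only need `contents: read`. `actions/checkout@v3` and `actions/setup-go@v4` are likewise pinned to mutable tags rather than commit SHAs. Note that this file is removed again by the second patch in this series, which replaces it with `check-dependencies.yml`.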
@@ -0,0 +1,19 @@
+name: Check dependencies
+
+# Adapted from https://google.github.io/osv-scanner/github-action/#scan-on-pull-request
+
+on:
+ pull_request:
+ branches: [main, 1.*.x]
+ merge_group:
+ branches: [main, 1.*.x]
+
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+
+jobs:
+ scan-pr:
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"
\ No newline at end of file
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
deleted file mode 100644
index e4ee26c79b..0000000000
--- a/.github/workflows/osv-scanner.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: OSV Scanner
-
-on:
- pull_request:
- push:
-
-jobs:
- OSV-Scanner:
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Install Golang
- uses: actions/setup-go@v4
- with:
- go-version: '1.19'
-
- - name: Install OSV Scanner
- run: |
- go install github.com/google/osv-scanner/cmd/osv-scanner@latest
-
- - name: Scan for Vulnerabilities
- run: |
- osv-scanner -r .
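Review bot: The reusable workflow on the last line of the hunk is pinned to the tag `v1.7.1`, which is mutable, so a moved or re-pushed tag changes what runs with `security-events: write` on every pull request; pin it to the full commit SHA and keep the version in a trailing comment, e.g. `uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@<full-commit-sha-of-v1.7.1>" # v1.7.1`. The file also ends without a trailing newline (`\ No newline at end of file`); add one so the file matches the project's other workflows. The `permissions:` comments are welcome, but it would help a reader to note on the `# Adapted from ...` line which version of the upstream documentation the permission set was taken from, since the reusable workflow's requirements may change between releases.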