
Use direct CLI approach: clone scanner and run scan.sh #4


Workflow file for this run

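# Builds the databricks-sdk-java module with Maven, checks out an external
# scanner repository, runs its scan.sh against the build output and uploads
# the scan output directory as a run artifact.
name: Security Scan

on:
  workflow_dispatch:
  push:
    branches:
      - java-security

# Least privilege for the workflow token: the steps below only need to read
# repository contents. Without an explicit block the token falls back to the
# repository/organisation default, which may include write scopes.
permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): checkout keeps the token in the local git config by
        # default, so the Maven build and scan.sh that run later in this job
        # can read it. Consider `persist-credentials: false` after confirming
        # no later step needs authenticated git.
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0

      - name: Set up JDK 8
        uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde # v1.4.4
        with:
          # Quoted so the version is always passed as a string.
          java-version: '8'

      - name: Cache Maven packages
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          # Prefix fallback: a cache saved for a different set of pom.xml
          # files can be restored when there is no exact key match.
          restore-keys: ${{ runner.os }}-m2

      - name: Build JAR
        # Tests are skipped; only the databricks-sdk-java module is packaged.
        run: mvn --errors package -DskipTests -pl databricks-sdk-java

      - name: Checkout scanner
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
        with:
          repository: databricks-eng/gh-action-scan
          # NOTE(review): no `ref:` is set, so whatever is on the scanner
          # repository's default branch at run time is fetched and then
          # executed by the next step. Every action in this file is pinned to
          # a commit SHA; pin this checkout the same way with
          # `ref: <full commit SHA of a reviewed scanner revision>`.
          path: .scan
          # NOTE(review): GITHUB_TOKEN is scoped to the repository running the
          # workflow. If the scanner repository is not publicly readable this
          # checkout will presumably fail and a dedicated read-only credential
          # would be needed instead; verify.
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Run security scan
        # Executes code from the scanner checkout above with access to the
        # whole job workspace, including the built artifacts.
        run: |
          chmod +x .scan/scan.sh
          .scan/scan.sh \
            --artifact-path databricks-sdk-java/target/ \
            --artifact-name databricks-sdk-java \
            --output-dir ./scan-results

      - name: Upload scan results
        # Runs after a failed scan as well, and is skipped only when the run
        # is cancelled, so findings from a failing scan are still kept.
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: security-scan-results
          # NOTE(review): scan output may describe unfixed findings, and run
          # artifacts can be downloaded by anyone with read access to the
          # repository. Consider a short `retention-days` and confirm who can
          # read this repository.
          path: ./scan-results/
          # Only warns when the directory is missing or empty, so a scan that
          # produced no output does not fail this step.
          if-no-files-found: warn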