Test: Verify SCS/Scorecard works with fork PRs After PR Got Merged [DO NOT MERGE]

[cosmir17]

Purpose

Testing the SCS fix from PM-19431 to verify that Supply Chain Security scanning works correctly for fork PRs using GITHUB_TOKEN.

What this tests

• Fork PRs can run Checkmarx with SCS/Scorecard enabled
• GITHUB_TOKEN has sufficient permissions for SCS on public forks
• The fix in feat: Add fork-friendly Checkmarx action for public repos (PM-19431) upload-sarif-github-action#25 works as expected (has been merged to main)

Expected behavior

The CI should show:

• ✅ Checkmarx scan runs via pull_request_target
• ✅ "SCS/Scorecard: Enabled" in the logs
• ✅ SCS parameters included in scan command
• ✅ No permission errors for SCS token

Action required

• Please DO NOT merge this PR
• Will close once SCS functionality is verified
• Check the Checkmarx scan logs for SCS results

Related to: PM-19431

[cosmir17]

Production verification complete! ✅

The fork-friendly Checkmarx action is working perfectly:

• Build succeeded with main branch
• SCS/Scorecard enabled using github.token
• Successfully scanning fork repository
• No permission errors

Build log: https://github.com/midnightntwrk/midnight-node-docker/actions/runs/18021180983/job/51278610712?pr=60
PM-19431 is working. Fork PRs can now run security scans on public repos.
Closing this test PR as it has served its purpose.