From d30bd05b7b347e4656b148077b844222aeb404e2 Mon Sep 17 00:00:00 2001
From: "pkanoongo@turo.com"
Date: Wed, 8 Oct 2025 14:52:05 -0500
Subject: [PATCH 1/2] chore(add sec scan): add sec scan
---
 .github/workflows/security-scan.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/security-scan.yaml
diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml
new file mode 100644
index 0000000..3cf136a
--- /dev/null
+++ b/.github/workflows/security-scan.yaml
@@ -0,0 +1,25 @@
+name: Security scan
+
+on:
+ pull_request_target: {}
+ workflow_dispatch: {}
+ push:
+ branches: [main]
+
+permissions:
+ pull-requests: write
+ contents: read
+ security-events: write
+
+jobs:
+ static-analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout base branch
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.pull_request.base.sha }}
+
+ - uses: open-turo/actions-security/static-analysis@v4
+ with:
+ semgrep-app-token: ${{ secrets.SEMGREP_APP_TOKEN }}
From 1252e1b6385b7f36b00fea44ffec1faac70c7070 Mon Sep 17 00:00:00 2001
From: "pkanoongo@turo.com"
Date: Thu, 9 Oct 2025 12:02:40 -0500
Subject: [PATCH 2/2] chore(add sec scan): add sec scan
---
 .github/workflows/security-scan.yaml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml
index 3cf136a..0b2dd06 100644
--- a/.github/workflows/security-scan.yaml
+++ b/.github/workflows/security-scan.yaml
@@ -15,11 +15,6 @@ jobs:
 static-analysis:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout base branch
- uses: actions/checkout@v5
- with:
- ref: ${{ github.event.pull_request.base.sha }}
-
 - uses: open-turo/actions-security/static-analysis@v4
 with:
 semgrep-app-token: ${{ secrets.SEMGREP_APP_TOKEN }}
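Review bot: Under `pull_request_target` this job runs with `SEMGREP_APP_TOKEN` and a token scoped `pull-requests: write` / `security-events: write`, yet both `uses:` lines in PATCH 1/2 reference movable tags (`actions/checkout@v5`, `open-turo/actions-security/static-analysis@v4`). If either tag is moved, the new code runs with that secret and those scopes, so I would pin each to a full commit SHA, e.g. `uses: open-turo/actions-security/static-analysis@<full-commit-sha> # v4` (placeholder; take the SHA from the release you reviewed). Checking out `github.event.pull_request.base.sha` keeps fork-controlled files out of the privileged workspace, which is the safe shape for this trigger; a comment above the step, `# pull_request_target: do not check out the PR head here, this job has secrets`, would record that invariant. PATCH 2/2 drops the step, so from then on the ref that gets scanned is decided inside the static-analysis action, which is not visible in this patch.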