---
name: OSV-Scanner PR Scan

on:
  pull_request:
  workflow_dispatch:

permissions: {}

jobs:
  scan-pr:
    permissions:
      # Require writing security events to upload SARIF file to security tab
      security-events: write
      # Only need to read contents
      contents: read
      actions: read

    # yamllint disable rule:line-length
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@ab8175fc65a74d8c0308f623b1c617a39bdc34fe"  # v1.9.2 + submodule patch
    with:
      checkout-submodules: true