# !!! Important !!! # any change to this workflow will not take into effect on the same PR and only after, # because of security implications from target 'pull_request_target' name: security on: pull_request_target: # this is needed to use the API key in a PR branches: - main permissions: contents: read jobs: start-security-scan: runs-on: ubuntu-latest environment: scan-security steps: - run: echo start security scan # just needs a simple step to better control the follow-up jobs security: needs: start-security-scan uses: ./.github/workflows/security-shared.yml secrets: inherit