From e0249b4d7946b4f5a6da6a95778ee3bbb3efa5db Mon Sep 17 00:00:00 2001
From: royceshen <26153348+royceshen@users.noreply.github.com>
Date: Thu, 23 Apr 2026 14:52:58 +0800
Subject: [PATCH 1/2] security scan integration

---
 .github/workflows/security-scan.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/security-scan.yml

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 00000000..d0d422c2
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,22 @@
+name: safety-scan
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    branches:
+      - master
+permissions:
+  contents: read
+  checks: write
+
+jobs:
+  safety-scan:
+    with:
+      enable_gitleaks: true
+      enable_trivy_package: true
+      enable_trivy_dockerfile: true
+      enable_hadolint: true
+    uses: node-real/github-workflows/.github/workflows/security-scan.yml@main
+    secrets: inherit
\ No newline at end of file

From 709f32bbc990533370e8bca51413e6d16d764a29 Mon Sep 17 00:00:00 2001
From: royceshen <26153348+royceshen@users.noreply.github.com>
Date: Thu, 23 Apr 2026 15:12:25 +0800
Subject: [PATCH 2/2] security scan integration fix

---
 .github/workflows/security-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index d0d422c2..373bcedd 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -6,7 +6,7 @@ on:
       - opened
       - synchronize
     branches:
-      - master
+      - main
 permissions:
   contents: read
   checks: write