From 2f333879156cb1507e91299edce7894ca97cebf4 Mon Sep 17 00:00:00 2001
From: Maarten Zuidhoorn
Date: Thu, 6 Feb 2025 11:42:29 +0100
Subject: [PATCH 1/2] Run code scanner from main workflow
---
 .github/workflows/main.yml | 12 ++++++++++++
 .github/workflows/security-code-scanner.yml | 13 ++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d9ae65fbd2..71975be763 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -20,6 +20,18 @@ jobs:
 run: ${{ steps.download-actionlint.outputs.executable }} -color
 shell: bash
+ analyse-code:
+ name: Code scanner
+ needs: check-workflows
+ uses: ./.github/workflows/security-code-scanner.yml
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ secrets:
+ SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+ APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
+
 update-pull-request:
 name: Update pull request
 needs: check-workflows
diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
index 6a729b418a..d5511f2e2c 100644
--- a/.github/workflows/security-code-scanner.yml
+++ b/.github/workflows/security-code-scanner.yml
@@ -1,9 +1,12 @@
 name: 'MetaMask Security Code Scanner'
 on:
- push:
- branches: ['main']
- pull_request:
+ workflow_call:
+ secrets:
+ SECURITY_SCAN_METRICS_TOKEN:
+ required: false
+ APPSEC_BOT_SLACK_WEBHOOK:
+ required: false
 jobs:
 run-security-scan:
@@ -13,7 +16,7 @@ jobs:
 contents: read
 security-events: write
 steps:
- - name: MetaMask Security Code Scanner
+ - name: Analyse code
 uses: MetaMask/Security-Code-Scanner@main
 with:
 repo: ${{ github.repository }}
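Review bot: `needs: check-workflows` on the new `analyse-code` job ties the security scan to the job that, from the context lines above it, appears to run actionlint; if that job fails or is cancelled the scanner is skipped and no code-scanning results are uploaded for that commit, so a lint regression would also hide security findings. If the dependency is only there to order the jobs, consider dropping the `needs: check-workflows` line so the scan reports independently; if the gating is intentional, a comment such as `# Deliberately gated on workflow lint: a lint failure also skips the scan` would make that visible. The job's `permissions` block (`actions: read`, `contents: read`, `security-events: write`) is a sensible least-privilege set, and the explicit `secrets:` pass-through is preferable to `secrets: inherit`. Note that the scan's trigger coverage is now whatever main.yml's `on:` block provides, which is outside this hunk.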
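Review bot: Replacing `push`/`pull_request` with `workflow_call` leaves this workflow with no standalone trigger, so it runs only when the caller in `.github/workflows/main.yml` does and its coverage is decided by that file's `on:` block, which is not in this diff; worth confirming that block still covers pushes to `main` and pull requests, otherwise scan coverage shrinks silently. The two `required: false` entries are presumably there so the call still succeeds when the caller has no secrets to pass (for example pull requests opened from forks); a comment on the `secrets:` block such as `# Optional so the scan still runs when the caller cannot supply secrets (e.g. pull requests from forks)` would record that intent. If on-demand runs are still wanted, keeping a `workflow_dispatch:` trigger alongside `workflow_call:` would preserve them.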
@@ -31,5 +34,5 @@ jobs:
 '**/jest.environment.js'
 '**/jest.config.js'
 node_modules
- project_metrics_token: ${{secrets.SECURITY_SCAN_METRICS_TOKEN}}
+ project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
 slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
From 8a33e69f11bf944a8bc5e800a11110984bd570c7 Mon Sep 17 00:00:00 2001
From: Maarten Zuidhoorn
Date: Thu, 6 Feb 2025 11:45:37 +0100
Subject: [PATCH 2/2] Update name
---
 .github/workflows/security-code-scanner.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
index d5511f2e2c..b84875eb5f 100644
--- a/.github/workflows/security-code-scanner.yml
+++ b/.github/workflows/security-code-scanner.yml
@@ -10,6 +10,7 @@ on:
 jobs:
 run-security-scan:
+ name: Run security scan
 runs-on: ubuntu-latest
 permissions:
 actions: read