feat(sca-setup): sca-setup-deps documentation, uv support, and full input coverage

.github/workflows/docs/container-scan-and-guard.md

@@ -313,6 +313,7 @@ jobs:
 
 ## Related Documentation
 
+- [SCA Setup Dependencies](../../../sca-setup-deps/README.md) — Set up build environments (Java, Node, Python, .NET) before source-code SCA scanning
 - [Workflow Config Loader](../../../workflow-config-loader/README.md)
 - [Container Scan Action](../../../container/container-scan/README.md)
 - [Container FOSSA Scan](../../../container/fossa-scan/README.md)

.github/workflows/docs/sca-scan-and-guard.md

@@ -89,6 +89,8 @@ jobs:
 
 ## Inputs
 
+### Core Inputs
+
 | Input | Required | Default | Description |
 |-------|----------|---------|-------------|
 | `git_ref` | No | (empty) | Git ref to checkout (e.g., `0.0.269` for releases). Leave empty for PR context. |
@@ -99,6 +101,26 @@ jobs:
 | `config_file` | No | `.github/workflow-config.json` | Path to workflow configuration file |
 | `additional_scan_params` | No | (empty) | Additional scanner-specific parameters (see below) |
 
+### Dependency Setup Inputs
+
+These inputs configure the build environment before FOSSA runs. See [SCA Setup Dependencies](../../../sca-setup-deps/README.md) for full documentation.
+
+| Input | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `setup_actions` | No | `'["setup-java", "maven-settings"]'` | JSON array of setup steps to run |
+| `vault_secrets` | No | (empty) | Multiline Vault secret mappings (`secret/path KEY \| ENV_VAR`) |
+| `custom_setup_script` | No | (empty) | Custom bash script to run before the scan |
+| `java_version` | No | `"17"` | Java version |
+| `node_version` | No | `"20"` | Node.js version |
+| `python_version` | No | `"3.10"` | Python version |
+| `dotnet_versions` | No | `"6.0.x"` | .NET SDK versions |
+| `maven_build_command` | No | `"mvn clean install -DskipTests"` | Maven build command |
+| `maven_settings_repositories` | No | (empty) | Maven repositories configuration (JSON) |
+| `maven_settings_servers` | No | (empty) | Maven servers configuration (JSON) |
+| `npm_install_command` | No | `"npm install"` | NPM install command |
+| `python_install_command` | No | `"pip install -r requirements.txt"` | Python install command |
+| `dotnet_restore_command` | No | `"dotnet restore"` | .NET restore command |
+
 ## Secrets
 
 | Secret | Required | Description |
@@ -178,6 +200,95 @@ additional_scan_params: |
 
 **See**: [FOSSA Scan Action](../../../.github/actions/sca/fossa-scan/README.md) for full parameter list
 
+## Dependency Setup
+
+Before FOSSA scans your project, the workflow runs the `sca-setup-deps` composite action to prepare the build environment so that all dependencies are resolvable. You control which setup steps run via the `setup_actions` JSON array.
+
+**Full documentation**: [SCA Setup Dependencies](../../../sca-setup-deps/README.md)
+
+### Java / Maven (Default)
+
+Maven setup runs by default with no extra configuration:
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      # setup_actions defaults to '["setup-java", "maven-settings"]'
+```
+
+### Node / NPM
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      setup_actions: '["setup-node", "npm-config"]'
+      node_version: "18"
+```
+
+### Python
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      setup_actions: '["setup-python", "python-install"]'
+      python_version: "3.11"
+```
+
+### .NET
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      setup_actions: '["setup-dotnet", "dotnet-nuget-config", "dotnet-restore"]'
+      dotnet_versions: "8.0.x"
+```
+
+### Custom Setup Script
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      setup_actions: '["setup-java", "maven-settings", "custom-script"]'
+      custom_setup_script: |
+        echo "Generating protobuf sources..."
+        mvn generate-sources -pl proto-module
+```
+
+### Retrieving Build Credentials from Vault
+
+Use `vault_secrets` to inject credentials needed for private registries or repositories:
+
+```yaml
+jobs:
+  sca-scan:
+    uses: SolaceDev/solace-public-workflows/.github/workflows/sca-scan-and-guard.yaml@main
+    with:
+      use_vault: true
+      setup_actions: '["setup-java", "maven-settings", "maven-build"]'
+      vault_secrets: |
+        secret/data/nexus USERNAME | NEXUS_USERNAME
+        secret/data/nexus PASSWORD | NEXUS_PASSWORD
+      maven_settings_servers: |
+        [{"id": "central", "username": "${env.NEXUS_USERNAME}", "password": "${env.NEXUS_PASSWORD}"}]
+```
+
+Alternatively, configure `secret_mappings` in your `workflow-config.json` to avoid passing `vault_secrets` each time. See [SCA Setup Dependencies](../../../sca-setup-deps/README.md#vault-secret-mappings) for details.
+
 ## Scan Contexts
 
 The workflow automatically detects the scan context:
@@ -388,6 +499,7 @@ jobs:
 
 ## Related Documentation
 
+- [SCA Setup Dependencies](../../../sca-setup-deps/README.md)
 - [Workflow Config Loader](../../../workflow-config-loader/README.md)
 - [SCA Scan Action](../../../.github/actions/sca/sca-scan/README.md)
 - [FOSSA Scan Action](../../../.github/actions/sca/fossa-scan/README.md)

.github/workflows/sca-scan-and-guard.yaml

@@ -86,25 +86,25 @@ on:
 
       # Build/Install Commands
       maven_build_command:
-        description: "Maven build command"
+        description: "Maven build command (default: 'mvn clean install -DskipTests')"
         required: false
         type: string
-        default: "mvn clean install -DskipTests"
+        default: ''
       npm_install_command:
-        description: "NPM install command"
+        description: "NPM install command (default: 'npm install')"
         required: false
         type: string
-        default: "npm install"
+        default: ''
       python_install_command:
-        description: "Python install command"
+        description: "Python install command (default: 'pip install -r requirements.txt')"
         required: false
         type: string
-        default: "pip install -r requirements.txt"
+        default: ''
       dotnet_restore_command:
-        description: ".NET restore command"
+        description: ".NET restore command (default: 'dotnet restore')"
         required: false
         type: string
-        default: "dotnet restore"
+        default: ''
 
       # Maven Configuration
       maven_settings_repositories: