Migrate third-party-deps-scan to new workflow location

parlough · athomas · commit a571ba78f74c · 2025-08-19T02:25:20.000-07:00
Closes #61357 GitOrigin-RevId: 97bf145 Change-Id: I9beb6b43e73bd9425d607f3cc555f5fdcbc9b6ce Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/445900 Reviewed-by: Alexander Thomas <athom@google.com>
diff --git a/.github/workflows/third-party-deps-scan.yml b/.github/workflows/third-party-deps-scan.yml
@@ -13,44 +13,44 @@ permissions: read-all
 
 jobs:
   extract-deps:
-    name: Extract Dependencies
+    name: Extract dependencies
     runs-on: 'ubuntu-24.04'
     if: ${{ (github.repository == 'dart-lang/sdk' && github.event_name == 'push') || github.event.label.name == 'vulnerability scan' }}
     permissions:
-      # Needed to upload the SARIF results to code-scanning dashboard.
+      # Needed to upload the SARIF results to the code-scanning dashboard.
       security-events: write
       contents: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           persist-credentials: false
-      - name: "setup python"
+      - name: "Set up python"
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
         with:
-          python-version: '3.13.3' # install the python version needed
-      - name: "extract deps, find commit hash, pass to osv-scanner"
+          python-version: '3.13.3' # Install the python version needed.
+      - name: "Extract deps, find commit hash, pass to osv-scanner"
         run: python .github/extract_deps.py --output osv-lockfile-${{github.sha}}.json
-      - name: "upload osv-scanner deps"
+      - name: "Upload osv-scanner deps"
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
-          # use github.ref in name to avoid duplicated artifacts
+          # Use github.ref in name to avoid duplicated artifacts.
           name: osv-lockfile-${{github.sha}}
           path: osv-lockfile-${{github.sha}}.json
           retention-days: 2
   vuln-scan:
     name: Vulnerability scanning
     needs:
       extract-deps
-    uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable.yml@main"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@main"
     with:
-      # Download the artifact uploaded in extract-deps step
+      # Download the artifact uploaded in the extract-deps step.
       download-artifact: osv-lockfile-${{github.sha}}
       scan-args: |-
         --lockfile=osv-scanner:osv-lockfile-${{github.sha}}.json
       fail-on-vuln: false
-    # makes sure the osv-formatted vulns are uploaded
+    # Makes sure the osv-formatted vulns are uploaded.
     permissions:
-      # Needed to upload the SARIF results to code-scanning dashboard.
+      # Needed to upload the SARIF results to the code-scanning dashboard.
       security-events: write
       contents: read
