chore: update Black Duck scan workflow reference to a specific commit (#625)

morri-son · morrison-sap · web-flow · commit 258ed15246e2 · 2025-04-23T15:12:08.000+02:00
On-behalf-of: Gerald Morrison (SAP) &lt;gerald.morrison@sap.com&gt;
Signed-off-by: Gerald Morrison (SAP) &lt;gerald.morrison@sap.com&gt;

&lt;!-- markdownlint-disable MD041 --&gt;
#### What this PR does / why we need it
To be more secure, we restrict the reusable workflow to a fixed commit.

---------

Signed-off-by: Gerald Morrison (SAP) &lt;gerald.morrison@sap.com&gt;
Co-authored-by: Gerald Morrison (SAP) &lt;gerald.morrison@sap.com&gt;
diff --git a/.github/workflows/trigger-blackduck-scan.yaml b/.github/workflows/trigger-blackduck-scan.yaml
@@ -15,12 +15,10 @@ on:
 
 jobs:
   trigger-scan:
-    uses: open-component-model/.github/.github/workflows/blackduck-scan.yaml@5ae45327f84644e21228845d8b4b682e9c7297ab
+    uses: open-component-model/.github/.github/workflows/blackduck-scan.yaml@47e68e42a6d78125d519e6e008c2b203385a0a72
     with:
       # required to be able to differentiate between PRs and pushes in the called workflow (rapid or full scan)
       event_type: ${{ github.event_name }}
-    secrets:
-      BLACKDUCK_API_TOKEN: ${{ secrets.BLACKDUCK_API_TOKEN }}
-      BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
+    secrets: inherit
     permissions:
       contents: read
