From d8dd04b29b735e72acc818bbefe7fdd2af7b9f16 Mon Sep 17 00:00:00 2001
From: borislavr
Date: Thu, 23 Oct 2025 08:19:15 +0000
Subject: [PATCH] feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies

Related issue: https://github.com/Netcracker/.github/issues/190
---
 .github/workflows/security-scan.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 2ac4e13..fc1e926 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -1,4 +1,4 @@
-name: Docker Security Scan
+name: Security Scan
 on:
   workflow_dispatch:
     inputs:
@@ -34,11 +34,17 @@ on:
       required: false
       default: true
       type: boolean
+    only-fixed:
+      description: "Show only fixable vulnerabilities"
+      required: false
+      default: true
+      type: boolean
 
 permissions:
   contents: read
   security-events: write
   actions: read
+  packages: read
 
 jobs:
   security-scan:
@@ -49,4 +55,5 @@ jobs:
       only-high-critical: ${{ inputs.only-high-critical}}
       trivy-scan: ${{ inputs.trivy-scan }}
       grype-scan: ${{ inputs.grype-scan }}
+      only-fixed: ${{ inputs.only-fixed }}
       continue-on-error: ${{ inputs.continue-on-error }}
\ No newline at end of file
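Review bot: The new `only-fixed` input in the second hunk defaults to `true`, so a run triggered with the defaults filters out every finding that has no upstream fix yet, and a scan can come back clean while unfixed high/critical vulnerabilities are present in the dependencies or image. Either flip the default, `default: false`, or make the trade-off visible to whoever dispatches the workflow, e.g. `description: "Show only fixable vulnerabilities (when true, findings without an available fix are hidden)"`. The `packages: read` grant in the same hunk is presumably for pulling from the container registry; keep it read-only, as written, and avoid widening it in the reusable workflow this calls. The `with:` mapping extended in the third hunk, and the `uses:` line it belongs to, start outside the hunk, and the file still ends without a trailing newline.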