From 7390c9f9ea4ed541431767a9d84dbd4729017967 Mon Sep 17 00:00:00 2001
From: Matthew Watkins <mwatkins@linuxfoundation.org>
Date: Wed, 5 Nov 2025 09:52:17 +0000
Subject: [PATCH] Fix: Restructure checkout for code build

Change-Id: I2d9ac41b42b46b616da49c24dc127df9fb5ce31c
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
---
 .github/workflows/security-scans.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/security-scans.yaml b/.github/workflows/security-scans.yaml
index 1278c7a..2c6239e 100644
--- a/.github/workflows/security-scans.yaml
+++ b/.github/workflows/security-scans.yaml
@@ -46,6 +46,15 @@ jobs:
       # contents: read
       # actions: read
     steps:
+      - name: 'Checkout repository'
+        if: inputs.no_checkout != 'true'
+        # yamllint disable-line rule:line-length
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          # Disabling shallow clones is recommended
+          # This improves the relevancy of reporting output
+          fetch-depth: 0
+
       - name: 'Check for file: pom.xml'
         id: maven-project
         # yamllint disable-line rule:line-length
@@ -63,3 +72,4 @@ jobs:
         uses: lfreleng-actions/sonarqube-cloud-scan-action@a5fb959e36b1e7957b7cae5f4a12bf14b5c66875 # v0.1.3
         with:
           sonar_token: ${{ secrets.SONAR_TOKEN }}
+          no_checkout: true
-- 
2.16.6