Netcracker · anikin-aa · Oct 21, 2025 · Oct 14, 2025 · Oct 14, 2025
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -1,8 +1,4 @@
-name: Vulnerability Scan
-run-name: Vulnerability Scan for ${{ inputs.target }} ${{ inputs.image && format('({0})', inputs.image) || '' }}
-# This workflow performs security vulnerability scanning on Docker images or source code
-# using Trivy and Grype tools. It can be triggered manually via workflow_dispatch.
-
+name: Docker Security Scan
 on:
   workflow_dispatch:
     inputs:
@@ -15,22 +11,21 @@ on:
           - docker
           - source
       image:
-        description: "Docker image (for docker). By default ghcr.io/<owner>/<repo>:latest"
+        description: "Docker image (for 'docker' target). By default ghcr.io/<owner>/<repo>:latest"
         required: false
         default: ""
-        type: string
       only-high-critical:
-        description: "Scope only HIGH + CRITICAL"
+        description: "Scan only HIGH + CRITICAL"
         required: false
         default: true
         type: boolean
       trivy-scan:
-        description: "Trivy scan"
+        description: "Run Trivy scan"
         required: false
         default: true
         type: boolean
       grype-scan:
-        description: "Grype scan"
+        description: "Run Grype scan"
         required: false
         default: true
         type: boolean
@@ -40,13 +35,18 @@ on:
         default: true
         type: boolean
 
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
 jobs:
   security-scan:
-    uses: Netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@main
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@main
     with:
-      target: ${{ inputs.target }}
-      image: ${{ inputs.image }}
-      only-high-critical: ${{ inputs.only-high-critical }}
+      target: ${{ github.event.inputs.target || 'source' }}
+      image: ${{ github.event.inputs.image || '' }}
+      only-high-critical: ${{ inputs.only-high-critical}}
       trivy-scan: ${{ inputs.trivy-scan }}
       grype-scan: ${{ inputs.grype-scan }}
-      continue-on-error: ${{ inputs.continue-on-error }}
+      continue-on-error: ${{ inputs.continue-on-error }}