From 970d0ae16635e8d7bee8e8b201106568483d5d26 Mon Sep 17 00:00:00 2001
From: Bill Napier
Date: Fri, 14 Feb 2025 02:38:39 +0000
Subject: [PATCH] Change workflow to checkout config as well.
---
 .github/workflows/action_scanning.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/action_scanning.yml b/.github/workflows/action_scanning.yml
index 1358644..8952ac1 100644
--- a/.github/workflows/action_scanning.yml
+++ b/.github/workflows/action_scanning.yml
@@ -23,12 +23,19 @@ jobs:
 if: (github.actor != 'dependabot[bot]')
 steps:
- - name: Checkout Code
+ - name: Checkout Workflow Config
 uses: actions/checkout@v4
-
+ with:
+ repository: ${github.action_repository}
+ path: action_scanning
+
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ path: code_to_scan
 - name: Run Actions semgrep scan
- run: semgrep scan --sarif --config semgrep-rules/actions >> semgrep-results-actions.sarif
+ run: semgrep scan --sarif --config action_scanning/semgrep-rules/actions code_to_scan >> semgrep-results-actions.sarif
 - name: Save Actions SARIF results as artifact
 uses: actions/upload-artifact@v4
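Review bot: The `repository:` input on the added "Checkout Workflow Config" step is written as `${github.action_repository}`, which is not GitHub Actions expression syntax, so actions/checkout receives that literal string and the step will most likely fail before `action_scanning/semgrep-rules/actions` exists. Expressions need double braces, and `github.action_repository` is documented as the repository of the action a step is executing, so even `${{ github.action_repository }}` probably does not resolve to the repository that holds the semgrep rules. Naming the rules repository explicitly with a pinned ref, e.g. `repository: <OWNER>/<RULES_REPO>` and `ref: <PINNED_REF>` (placeholders), makes the origin of the scan rules unambiguous and keeps it out of the scanned repository's control. Neither checkout needs to push, so `persist-credentials: false` on both steps would keep the job token out of the checked-out `.git/config`. The job definition starts above this hunk and continues after it.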