From d1e69844103ad9f6b101347b823c2ac10d3807a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Nov 2025 06:42:06 +0000
Subject: [PATCH 1/2] Bump MetaMask/action-security-code-scanner from 1 to 2

Bumps [MetaMask/action-security-code-scanner](https://github.com/metamask/action-security-code-scanner) from 1 to 2.
- [Release notes](https://github.com/metamask/action-security-code-scanner/releases)
- [Changelog](https://github.com/MetaMask/action-security-code-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/metamask/action-security-code-scanner/compare/v1...v2)

---
updated-dependencies:
- dependency-name: MetaMask/action-security-code-scanner
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
 .github/workflows/security-code-scanner.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
index ababbbe..15bc7a6 100644
--- a/.github/workflows/security-code-scanner.yml
+++ b/.github/workflows/security-code-scanner.yml
@@ -19,7 +19,7 @@ jobs:
 security-events: write
 steps:
 - name: Analyse code
- uses: MetaMask/action-security-code-scanner@v1
+ uses: MetaMask/action-security-code-scanner@v2
 with:
 repo: ${{ github.repository }}
 paths_ignored: |

From 2be9548f20e125ada8fc13bf9ffaf1b2bd8ae102 Mon Sep 17 00:00:00 2001
From: Maarten Zuidhoorn
Date: Mon, 17 Nov 2025 14:52:20 +0100
Subject: [PATCH 2/2] Handle breaking changes

---
 .github/workflows/main.yml | 32 +++++++++++---
 .github/workflows/security-code-scanner.yml | 47 ---------------------
 2 files changed, 27 insertions(+), 52 deletions(-)
 delete mode 100644 .github/workflows/security-code-scanner.yml

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 21493f8..b1ef501 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -23,16 +23,38 @@ jobs:
 shell: bash
 analyse-code:
- name: Code scanner
+ name: Analyse code
 needs: check-workflows
- uses: ./.github/workflows/security-code-scanner.yml
+ uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
+ with:
+ scanner-ref: v2
+ paths-ignored: |
+ .storybook/
+ **/__snapshots__/
+ **/*.snap
+ **/*.stories.js
+ **/*.stories.tsx
+ **/*.test.browser.ts*
+ **/*.test.js*
+ **/*.test.ts*
+ **/fixtures/
+ **/jest.config.js
+ **/jest.environment.js
+ **/mocks/
+ **/test*/
+ docs/
+ e2e/
+ merged-packages/
+ node_modules/
+ storybook/
+ test*/
+ secrets:
+ project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+ slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
 permissions:
 actions: read
 contents: read
 security-events: write
- secrets:
- SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
- APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
 build-lint-test:
 name: Build, lint, and test
diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
deleted file mode 100644
index 15bc7a6..0000000
--- a/.github/workflows/security-code-scanner.yml
+++ /dev/null
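Review bot: In `.github/workflows/main.yml`, the `analyse-code` job calls `MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2` by a movable tag while passing it `SECURITY_SCAN_METRICS_TOKEN`, `APPSEC_BOT_SLACK_WEBHOOK` and `security-events: write`, so whatever `v2` resolves to at run time executes with those credentials. Pinning the reference to a full commit SHA with the tag kept as a trailing comment, `uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@<full-commit-sha> # v2`, ties the run to code that was actually reviewed. `scanner-ref: v2` appears to be a second movable ref into the same repository; if the called workflow accepts a SHA there, it should carry the same pin so the workflow file and the scanner it checks out cannot drift apart.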
@@ -1,47 +0,0 @@
-name: MetaMask Security Code Scanner
-
-on:
- workflow_call:
- secrets:
- SECURITY_SCAN_METRICS_TOKEN:
- required: false
- APPSEC_BOT_SLACK_WEBHOOK:
- required: false
- workflow_dispatch:
-
-jobs:
- run-security-scan:
- name: Run security scan
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
- steps:
- - name: Analyse code
- uses: MetaMask/action-security-code-scanner@v2
- with:
- repo: ${{ github.repository }}
- paths_ignored: |
- .storybook/
- '**/__snapshots__/'
- '**/*.snap'
- '**/*.stories.js'
- '**/*.stories.tsx'
- '**/*.test.browser.ts*'
- '**/*.test.js*'
- '**/*.test.ts*'
- '**/fixtures/'
- '**/jest.config.js'
- '**/jest.environment.js'
- '**/mocks/'
- '**/test*/'
- docs/
- e2e/
- merged-packages/
- node_modules
- storybook/
- test*/
- rules_excluded: example
- project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
- slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}