Scan

PM-25525 debt fix system service provider dependency injection #35653

	name: Scan

	on:
	workflow_dispatch:
	push:
	branches:
	- "main"
	- "rc"
	- "hotfix-rc"
	pull_request:
	types: [opened, synchronize, reopened]
	branches-ignore:
	- "main"
	pull_request_target:
	types: [opened, synchronize, reopened]
	branches:
	- "main"

	permissions: {}

	jobs:
	check-run:
	name: Check PR run
	uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
	permissions:
	contents: read

	sast:
	name: Checkmarx
	uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
	needs: check-run
	secrets:
	AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
	AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	permissions:
	contents: read
	pull-requests: write
	security-events: write
	id-token: write

	quality:
	name: Sonar
	uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
	needs: check-run
	secrets:
	AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
	AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	permissions:
	contents: read
	pull-requests: write
	id-token: write
	with:
	sonar-test-inclusions: "*/.spec.ts"
	sonar-exclusions: "*/.spec.ts"

Provide feedback