From 01d2044bb601c65d667160c3fd70fd679df51004 Mon Sep 17 00:00:00 2001
From: Michal Nowacki
Date: Thu, 2 Jan 2025 15:28:07 -0500
Subject: [PATCH] fix upload of trivy-results codeql-action/upload-sarif needs to know where the scanned code was checked out if it has been checked out to a subdir of github.workspace.
---
 .github/workflows/security-scan.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 98e8039ba..a5bbd9cd9 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -45,4 +45,5 @@ jobs:
 if: ${{ github.event_name == 'schedule' }}
 uses: github/codeql-action/upload-sarif@v3
 with:
+ checkout_path: ./php-agent
 sarif_file: trivy-results.sarif
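Review bot: The added `checkout_path: ./php-agent` hard-codes a directory that has to match the `path:` given to the checkout step, which is outside this hunk, and nothing on the line says so. If the two drift apart, the scheduled upload can fail or attach the Trivy findings to the wrong file paths, which hides them from code scanning. I would anchor the value to the workspace, `checkout_path: ${{ github.workspace }}/php-agent`, and add a comment above it such as `# must match the checkout step's path; upload-sarif resolves SARIF paths against it`. The step's opening lines and the checkout itself are outside the hunk, so the match cannot be confirmed from here.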