From e4abb2c75172d3c733d3292dc378447523f2923b Mon Sep 17 00:00:00 2001
From: Matt Andreko <mandreko@bitwarden.com>
Date: Fri, 21 Mar 2025 09:12:47 -0400
Subject: [PATCH] Update SARIF upload to use proper branch (#732)

---
 .github/workflows/scan.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index b0680edc..4fa35042 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -47,6 +47,8 @@ jobs:
         uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
         with:
           sarif_file: cx_result.sarif
+          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
+          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
 
   quality:
     name: Quality scan