From d353bc8c993216d292fdcbda1936e5c2f96f1b49 Mon Sep 17 00:00:00 2001
From: Xianpeng Shen
Date: Fri, 7 Nov 2025 16:24:45 +0200
Subject: [PATCH 1/2] fix: update snyk-container-analysis.yml
---
 .github/workflows/snyk-container-analysis.yml | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index ad54c10..d4edeea 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -20,5 +20,24 @@ on:

 jobs:
 snyk:
- uses: cpp-linter/.github/.github/workflows/snyk-container.yml@main
- secrets: inherit
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ - name: Run Snyk to check Docker image for vulnerabilities
+ continue-on-error: true
+ uses: snyk/actions/docker@9adf32b1121593767fc3c057af55b55db032dc04 # v1.0.0
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # More details in https://github.com/snyk/actions#getting-your-snyk-token
+ # or you can sign up for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: xianpengshen/clang-tools:21
+ args: --severity-threshold=high --file=Dockerfile
+
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+ with:
+ sarif_file: snyk.sarif
From 39802fc41ca7eb7cc10e6e8d18a02197a71328ed Mon Sep 17 00:00:00 2001
From: Xianpeng Shen
Date: Fri, 7 Nov 2025 16:27:05 +0200
Subject: [PATCH 2/2] fix: Update snyk-container-analysis.yml
---
 .github/workflows/snyk-container-analysis.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index d4edeea..aa805ff 100644
--- a/.github/workflows/snyk-container-analysis.yml
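Review bot: The inlined `snyk` job declares no `permissions:`, yet its last step uploads SARIF, which needs `security-events: write` on the workflow token; unless a workflow-level block exists above line 20 of the file (outside this hunk), the job runs with the repository default, which is either broader than needed or too narrow for the upload. I would add `permissions:` with `contents: read` and `security-events: write` directly under `snyk:`. Separately, the scan targets the published tag `xianpengshen/clang-tools:21`, so a pull request that edits `Dockerfile*` does not scan the image that change would produce; `--file=Dockerfile` only hands Snyk the Dockerfile for remediation advice, it does not build it. If scanning the published image is intended, a comment on `image:` saying so would help; otherwise build the image from the checkout first and pass the local tag.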
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -13,10 +13,12 @@ on:
 branches: [ master ]
 paths:
 - 'Dockerfile*'
+ - '.github/workflows/snyk-container-analysis.yml'
 pull_request:
 branches: [ master ]
 paths:
 - 'Dockerfile*'
+ - '.github/workflows/snyk-container-analysis.yml'

 jobs:
 snyk:
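Review bot: Adding the workflow file to the `pull_request` paths means the job now also runs for pull requests that edit the workflow itself, including ones from forks, where `secrets.SNYK_TOKEN` is empty and the workflow token is read-only. With the job as written in patch 1/2, the Snyk step would likely fail quietly under `continue-on-error: true`, and the SARIF upload would then fail for want of `snyk.sarif` or write access. A guard on the job such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` keeps fork runs from reporting a misleading result. The `on:` block starts above line 13, outside this hunk, so any other triggers are not visible here.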