From 59b23f628f5bf8a1bb65c0d744884ffa76bd186a Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Fri, 19 Dec 2025 16:45:41 -0700
Subject: [PATCH] use 'stable' instead of .go-version for the security scanner
 (#11374) (#11463)

* use 'stable' instead of .go-version for the security scanner

if we don't do this, the security scanner might not run because it's
using a different version of Go than what we have on whatever release
branch this is running on.

* update branches the scanner runs on

Co-authored-by: Josh Black <raskchanky@gmail.com>
---
 .github/workflows/security-scan.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 6fafeed87c..34ece8b62d 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -11,7 +11,8 @@ on:
   pull_request:
     branches:
       - 'main'
-      - '!oss-merge-main*'
+      - 'release/**'
+      - 'ce/**'
 
 jobs:
   scan:
@@ -29,7 +30,7 @@ jobs:
       uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
-        go-version-file: .go-version
+        go-version: 'stable'
 
     - name: Set up Python
       uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0