From b78c054a1296440c52b3c626391e01baee97a7be Mon Sep 17 00:00:00 2001
From: AITBC System <system@aitbc.net>
Date: Sun, 8 Mar 2026 12:12:57 +0100
Subject: [PATCH] fix(security): resolve GitHub Actions workflow validation
 errors

- Remove invalid 'queries' input from CodeQL analyze action
- Fix OSSF Scorecard action input parameter names
- Use correct underscore naming for required inputs
---
 .github/workflows/security-scanning.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/security-scanning.yml b/.github/workflows/security-scanning.yml
index 7c212809..fd44c305 100644
--- a/.github/workflows/security-scanning.yml
+++ b/.github/workflows/security-scanning.yml
@@ -95,8 +95,6 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
-      with:
-        queries: security-extended,security-and-quality
 
   dependency-security-scan:
     name: Dependency Security Scan
@@ -180,8 +178,8 @@ jobs:
     - name: Run OSSF Scorecard
       uses: ossf/scorecard-action@v2.3.3
       with:
-        results-file: results.sarif
-        results-format: sarif
+        results_file: results.sarif
+        results_format: sarif
 
     - name: Upload OSSF Scorecard results to GitHub Security tab
       uses: github/codeql-action/upload-sarif@v3