From b9cf4faa723c4d5a886514b67b358d9963e79997 Mon Sep 17 00:00:00 2001
From: Alex Lowe <alex.lowe@canonical.com>
Date: Mon, 9 Dec 2024 18:46:07 -0500
Subject: [PATCH] fix(security-scan): disable uv export

---
 .github/workflows/security-scan.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml
index d0254ca2d..55a4d88c1 100644
--- a/.github/workflows/security-scan.yaml
+++ b/.github/workflows/security-scan.yaml
@@ -10,7 +10,8 @@ on:
 jobs:
   python-scans:
     name: Scan Python project
-    uses: canonical/starflow/.github/workflows/scan-python.yaml@main
+    # uses: canonical/starflow/.github/workflows/scan-python.yaml@main
+    uses: lengau/starflow/.github/workflows/scan-python.yaml@work/CRAFT-3707/uv
     with:
       packages: python-apt-dev
       # 1. requirements-noble.txt can't build on jammy
@@ -18,3 +19,5 @@ jobs:
       #    contain vulnerable versions.
       requirements-find-args: '! -name requirements-noble.txt ! -path "./tests/spread/*"'
       osv-extra-args: '--config=source/osv-scanner.toml'
+      uv-export: false
+      uv-sync-extra-args: --no-dev