From ab5ecc465255a3048c6f19c82672306c05076900 Mon Sep 17 00:00:00 2001
From: Cursor Agent <cursoragent@cursor.com>
Date: Fri, 6 Mar 2026 21:03:09 +0000
Subject: [PATCH] fix(ci): resolve audit and scorecard workflow failures

Co-authored-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
---
 .github/workflows/scorecard.yml | 4 +++-
 .github/workflows/security.yml  | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 417f9f13..c9cc7571 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -59,7 +59,9 @@ jobs:
           # For private repositories:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
-          publish_results: true
+          # Disabled because OSSF workflow verification currently rejects
+          # github/codeql-action/upload-sarif as an "imposter commit".
+          publish_results: false
 
           # (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
           # file_mode: git
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 6794838f..fbab54b2 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -32,7 +32,7 @@ jobs:
                   github_token: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Run cargo deny check
-              run: cargo deny check --config deny.ci.toml
+              run: cargo deny check --config deny.toml
 
             - name: Run cargo outdated
               run: cargo outdated --depth=1 --exit-code=1