From 6d736568d4ee023e2cc8d2646f094f1260d6cfc0 Mon Sep 17 00:00:00 2001
From: Christian Oliff <christianoliff@pm.me>
Date: Mon, 2 Mar 2026 21:15:31 +0900
Subject: [PATCH 1/2] Update Mend SCA and SAST scan sources

---
 .github/workflows/mend-scan.yml | 51 +++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 .github/workflows/mend-scan.yml

diff --git a/.github/workflows/mend-scan.yml b/.github/workflows/mend-scan.yml
new file mode 100644
index 0000000..dd86ffa
--- /dev/null
+++ b/.github/workflows/mend-scan.yml
@@ -0,0 +1,51 @@
+---
+name: 'Mend CLI Scan'
+
+on:
+  schedule:
+    - cron: '0 0 1 * *'
+  workflow_dispatch: {}
+
+permissions:
+  contents: 'read'
+  pull-requests: 'write'
+
+jobs:
+  mend-scan:
+    runs-on: 'ubuntu-latest'
+    name: 'Mend CLI Scan'
+    steps:
+      - name: 'Checkout code'
+        uses: 'actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd' # v6.0.2
+        with:
+          persist-credentials: false
+         
+      # No build steps configured - customize manually if needed
+      - name: 'Download Mend CLI'
+        run: |
+          echo "Downloading Mend CLI"
+          curl -L https://downloads.mend.io/cli/linux_amd64/mend -o /usr/local/bin/mend
+          chmod +x /usr/local/bin/mend
+
+      - name: 'Mend CLI - SCA Scan'
+        env:
+          MEND_EMAIL: '${{ secrets.MEND_EMAIL }}'
+          MEND_USER_KEY: '${{ secrets.MEND_USER_KEY }}'
+          MEND_URL: '${{ secrets.MEND_URL }}'
+        run: |
+          echo "Running Mend SCA scan"
+          mend dep \
+            -u \
+            -s "Trimble, Inc.//devguide.trimble.com//devguide" \
+            -d "." \
+            --fail-policy
+      - name: 'Mend CLI - SAST Scan'
+        env:
+          MEND_EMAIL: '${{ secrets.MEND_EMAIL }}'
+          MEND_USER_KEY: '${{ secrets.MEND_USER_KEY }}'
+          MEND_URL: '${{ secrets.MEND_URL }}'
+        run: |
+          echo "Running Mend SAST scan"
+          mend code \
+            -s "Trimble, Inc.//devguide.trimble.com//devguide" \
+            -d "."

From 7baac9cf3aecaf5557129205dec82d50c687f12c Mon Sep 17 00:00:00 2001
From: Christian Oliff <christianoliff@pm.me>
Date: Mon, 2 Mar 2026 21:26:34 +0900
Subject: [PATCH 2/2] Update .github/workflows/mend-scan.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/mend-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/mend-scan.yml b/.github/workflows/mend-scan.yml
index dd86ffa..c73e60d 100644
--- a/.github/workflows/mend-scan.yml
+++ b/.github/workflows/mend-scan.yml
@@ -8,7 +8,7 @@ on:
 
 permissions:
   contents: 'read'
-  pull-requests: 'write'
+  pull-requests: 'read'
 
 jobs:
   mend-scan: