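# Runs the Fraim `risk_flagger` workflow on pull requests that target `main`
# and passes it a Slack webhook URL through the workflow arguments.
name: Security Scan with Slack Notifications

# `pull_request` runs do not receive repository secrets when the PR comes from
# a fork, so both secrets below will be empty for external contributions.
# NOTE(review): keep this trigger rather than `pull_request_target`, which
# would expose the secrets to a job that checks out contributor code.
on:
  pull_request:
    branches: [main]

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. Declare the minimum the action
# documents as required - TODO confirm the scopes against the action's README.
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      # Both actions are referenced by a mutable tag. Pinning to a full commit
      # SHA (uses: owner/repo@<FULL_COMMIT_SHA>) prevents a retagged release
      # from running with this job's secrets.
      - uses: actions/checkout@v3
        with:
          # Full history instead of the default shallow clone; presumably the
          # scan needs it to diff against the base branch - TODO confirm.
          # NOTE(review): if no later step pushes, `persist-credentials: false`
          # keeps the token out of the checked-out repo's git config.
          fetch-depth: 0

      - name: Run Fraim Security Scan
        id: fraim-scan
        uses: fraim-dev/fraim-action@v0  # Use v0 for latest v0.x.x releases
        with:
          # Required: Workflow to run
          workflow: 'risk_flagger'
          # Required: Workflow-specific arguments as JSON object
          # The webhook URL is a credential (whoever holds it can post to the
          # channel), so it stays in a secret. It is substituted into this
          # JSON text before the action starts; a value containing `"` or `\`
          # would produce invalid JSON.
          workflow_args: |
            {
              "approver": "security-team",
              "confidence": 7,
              "slack-webhook-url": "${{ secrets.SLACK_WEBHOOK_URL }}"
            }
          # Required: LLM API key
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}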