complytime · marcusburghardt · Dec 10, 2025 · Dec 9, 2025 · Dec 9, 2025
diff --git a/.github/workflows/reusable_scheduled.yml b/.github/workflows/reusable_scheduled.yml
@@ -33,7 +33,7 @@ jobs:
       scan-args: "${{ inputs.scan-args }}"
       fail-on-vuln: true
       upload-sarif: true
-      results-file-name: osv-scanner-scheduled-results-${{ github.workflow }}-${{ github.job }}.sarif
+      results-file-name: osv-scanner-scheduled-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
 
   call_reusable_security:
     name: OpenSSF Scorecards

diff --git a/.github/workflows/reusable_security.yml b/.github/workflows/reusable_security.yml
@@ -33,18 +33,18 @@ jobs:
       - name: "Run analysis"
         uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
-          results_file: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          results_file: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
         uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
-          name: SARIF file
-          path: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          name: Scorecard SARIF file
+          path: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
         uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
-          sarif_file: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          sarif_file: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
diff --git a/.github/workflows/reusable_vuln_scan.yml b/.github/workflows/reusable_vuln_scan.yml
@@ -33,4 +33,4 @@ jobs:
       scan-args: "${{ inputs.scan-args }}"
       fail-on-vuln: true
       upload-sarif: true
-      results-file-name: osv-scanner-pr-results-${{ github.workflow }}-${{ github.job }}.sarif
+      results-file-name: osv-scanner-pr-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif