From 38d0111121b94415bf3579b336cdd236d6fe9756 Mon Sep 17 00:00:00 2001
From: Michael Hucka <mhucka@google.com>
Date: Tue, 18 Mar 2025 20:46:20 -0700
Subject: [PATCH] Don't use --include-git-root option with osv-scanner

The documentation wasn't clear on this; it makes it scan .git/, which
seems unnecessary for us.
---
 .github/workflows/osv-scanner.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/osv-scanner.yaml b/.github/workflows/osv-scanner.yaml
index 7f070ced3..f19d650cd 100644
--- a/.github/workflows/osv-scanner.yaml
+++ b/.github/workflows/osv-scanner.yaml
@@ -88,7 +88,6 @@ jobs:
           scan-args: |-
             --format=json
             --output=old-results.json
-            --include-git-root
             --recursive
             ./
 
@@ -106,7 +105,6 @@ jobs:
           scan-args: |-
             --format=json
             --output=new-results.json
-            --include-git-root
             --recursive
             ./