chore: rename trivy-vulnerability-triage workflow to vulnerability-triage

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: msukkari

…workflows/trivy-vulnerability-triage.yml …ithub/workflows/vulnerability-triage.yml.github/workflows/trivy-vulnerability-triage.yml renamed to .github/workflows/vulnerability-triage.yml .github/workflows/trivy-vulnerability-triage.yml renamed to .github/workflows/vulnerability-triage.yml

@@ -20,6 +20,35 @@ on:
         required: false
         type: boolean
         default: false
+  workflow_call:
+    inputs:
+      image:
+        description: 'Full Docker image to scan with Trivy (e.g., ghcr.io/org/repo). Leave empty to skip Trivy scanning.'
+        required: false
+        type: string
+        default: ''
+      image_tag:
+        description: 'Image tag to scan'
+        required: false
+        type: string
+        default: 'main'
+      dry_run:
+        required: false
+        type: boolean
+        default: false
+      force_analysis:
+        required: false
+        type: boolean
+        default: false
+    secrets:
+      ANTHROPIC_API_KEY:
+        required: true
+      LINEAR_API_KEY:
+        required: true
+      LINEAR_TEAM_ID:
+        required: true
+      DEPENDABOT_PAT:
+        required: false
 
 env:
   IMAGE: ghcr.io/sourcebot-dev/sourcebot
@@ -34,6 +63,7 @@ jobs:
   scan:
     name: Trivy Scan
     runs-on: ubuntu-latest
+    if: github.repository == 'sourcebot-dev/sourcebot' || inputs.image != ''
     outputs:
       has_vulnerabilities: ${{ steps.check.outputs.has_vulnerabilities }}
     steps:
@@ -50,7 +80,7 @@ jobs:
       - name: Run Trivy vulnerability scan
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "${{ env.IMAGE }}:${{ inputs.image_tag || 'main' }}"
+          image-ref: "${{ inputs.image || env.IMAGE }}:${{ inputs.image_tag || 'main' }}"
           format: "json"
           output: "trivy-results.json"
           trivy-config: trivy.yaml
@@ -77,7 +107,7 @@ jobs:
         run: |
           echo "## Trivy Scan" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "**Image:** \`${{ env.IMAGE }}:${{ inputs.image_tag || 'main' }}\`" >> "$GITHUB_STEP_SUMMARY"
+          echo "**Image:** \`${{ inputs.image || env.IMAGE }}:${{ inputs.image_tag || 'main' }}\`" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
           if [ "${{ steps.check.outputs.has_vulnerabilities }}" = "true" ]; then
             VULN_COUNT=$(jq '[.Results[]? | .Vulnerabilities[]?] | length' trivy-results.json)
@@ -213,7 +243,7 @@ jobs:
           submodules: recursive
 
       - name: Download scan results
-        if: needs.scan.outputs.has_vulnerabilities == 'true' || inputs.force_analysis == true
+        if: needs.scan.outputs.has_vulnerabilities == 'true'
         uses: actions/download-artifact@v4
         with:
           name: trivy-results