From c706c1e3c2fb021e762fadb9fa25432563810c39 Mon Sep 17 00:00:00 2001
From: Tamara Barum
Date: Wed, 11 Mar 2026 15:37:08 -0500
Subject: [PATCH] Remove SourceClear scan workflow due to security vulnerability

Removes the SourceClear workflow that contains a dangerous curl|bash pattern, which presents risks of script injection and untrusted remote code execution in the CI/CD pipeline. This follows the same remediation approach used in the PHP SDK (optimizely/php-sdk#294).

Co-Authored-By: Claude Sonnet 4.5
---
.github/workflows/source_clear_crone.yml | 18 ------------------
1 file changed, 18 deletions(-)
delete mode 100644 .github/workflows/source_clear_crone.yml

diff --git a/.github/workflows/source_clear_crone.yml b/.github/workflows/source_clear_crone.yml
deleted file mode 100644
index 328feb6ab..000000000
--- a/.github/workflows/source_clear_crone.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Source clear
-
-on:
- push:
- branches: [ master ]
- schedule:
- # Runs "weekly"
- - cron: '0 0 * * 0'
-
-jobs:
- source_clear:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Source clear scan
- env:
- SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }}
- run: curl -sSL https://download.sourceclear.com/ci.sh | bash -s - scan
\ No newline at end of file