From 3bac79bb30bca8e1acf01f631a9d697bd9522b23 Mon Sep 17 00:00:00 2001
From: tobin <tobin@anthropic.com>
Date: Fri, 8 May 2026 03:02:04 +0000
Subject: [PATCH] Bump scan-timeout-secs to 900; pin to L11/L12/L15 fixes

3 entries (azure, spotify-ads-api, vercel) hit the 300s default
under sweep load. Vercel passed in 247s on a single-entry run, so
timeout was the issue. Also picks up L15 (full verdict logging).
---
 .github/workflows/scan-plugins.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/scan-plugins.yml b/.github/workflows/scan-plugins.yml
index fc3f571..8929ead 100644
--- a/.github/workflows/scan-plugins.yml
+++ b/.github/workflows/scan-plugins.yml
@@ -26,10 +26,11 @@ jobs:
 
       # Blocking: policy failures fail the job. Loosen by removing
       # fail-on-findings if the false-positive rate is too high.
-      - uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@b277757588871fe55b2620de8c6dfda470e2e9d8
+      - uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@706952a0caebac4024b4be25137ff2faa64e153b
         with:
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
           policy-prompt: .github/policy/prompt.md
           fail-on-findings: "true"
           scan-all-external: ${{ inputs.scan_all || 'false' }}
+          scan-timeout-secs: "900"
           claude-cli-version: latest