ci: enable security checks on push (#3151)

Signed-off-by: mramotowski <[email protected]>

Author: mramotowski

.github/workflows/security-checks.yaml

@@ -61,10 +61,10 @@ on:
         required: true
         type: choice
         options:
-          - "bandit,semgrep,trivy,zizmor" # Default set
-          - "bandit,clamav,semgrep,trivy,zizmor" # Full set
-          - "bandit,semgrep" # Minimal set
-        default: "bandit,semgrep,trivy"
+          - "bandit,semgrep"
+          - "bandit,semgrep,trivy,zizmor"
+          - "bandit,clamav,semgrep,trivy,zizmor"
+        default: "bandit,clamav,semgrep,trivy,zizmor"
       scan-scope:
         description: "Scan scope"
         required: true
@@ -101,8 +101,8 @@ jobs:
     uses: ./.github/workflows/_reusable-security-scan.yaml
     with:
       # For scheduled runs, use full scan configuration
-      tools: ${{ github.event_name == 'schedule' && 'bandit,clamav,semgrep,trivy,zizmor' || inputs.tools }}
-      scan-scope: ${{ github.event_name == 'schedule' && 'all' || inputs.scan-scope }}
-      severity-level: ${{ github.event_name == 'schedule' && 'LOW' || inputs.severity-level }}
-      confidence-level: ${{ github.event_name == 'schedule' && 'LOW' || inputs.confidence-level }}
+      tools: ${{ inputs.tools }}
+      scan-scope: ${{ inputs.scan-scope }}
+      severity-level: ${{ inputs.severity-level }}
+      confidence-level: ${{ inputs.confidence-level }}
       fail-on-findings: false # reports only