Update security

Author: cx-yevgeny-kuznetsov

.github/workflows/cx-one-scan.yaml

@@ -22,4 +22,4 @@ jobs:
           cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
           cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
           cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
-          additional_params: --tags checkmarx-kiro-powers --scan-types sast,sca,iac-security --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1;"
+          additional_params: --tags checkmarx-kiro-powers --scan-types sast,sca,iac-security,scs --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1;scs-critical=1;scs-high=1;scs-medium=1;scs-low=1;"

CHANGELOG.md

@@ -22,9 +22,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `CODE_OF_CONDUCT.md` — Contributor Covenant v2.1
 - `CONTRIBUTING.md` — Contribution workflow, DCO sign-off instructions, secret
   safety warnings
-- `SECURITY.md` — Vulnerability reporting policy with GitHub Security Advisory
-  integration and safe harbor clause
-- `VULNERABILITY_REPORT.md` — Structured vulnerability report template
 - `MAINTAINERS.md` — Project ownership and responsibility definitions
 - `.github/CODEOWNERS` — Team-level code ownership for all paths
 - `.github/workflows/dco.yml` — DCO sign-off enforcement on all pull requests