diff --git a/checks/permissions_test.go b/checks/permissions_test.go index 7244ec2c1772..26add5cf963c 100644 --- a/checks/permissions_test.go +++ b/checks/permissions_test.go @@ -55,7 +55,7 @@ func TestGithubTokenPermissions(t *testing.T) { }{ { name: "run workflow codeql write test", - filenames: []string{"./testdata/github-workflow-permissions-run-codeql-write.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-codeql-write.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -66,7 +66,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "run workflow no codeql write test", - filenames: []string{"./testdata/github-workflow-permissions-run-no-codeql-write.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-no-codeql-write.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 1, @@ -77,7 +77,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "run workflow write test", - filenames: []string{"./testdata/github-workflow-permissions-run-writes-2.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-writes-2.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -88,7 +88,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "run package workflow write test", - filenames: []string{"./testdata/github-workflow-permissions-run-package-workflow-write.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-package-workflow-write.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -99,7 +99,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "run package write test", - filenames: []string{"./testdata/github-workflow-permissions-run-package-write.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-package-write.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, 
@@ -110,7 +110,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "run writes test", - filenames: []string{"./testdata/github-workflow-permissions-run-writes.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-writes.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -121,7 +121,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "write all test", - filenames: []string{"./testdata/github-workflow-permissions-writeall.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-writeall.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -132,7 +132,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "read all test", - filenames: []string{"./testdata/github-workflow-permissions-readall.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-readall.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -143,7 +143,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "no permission test", - filenames: []string{"./testdata/github-workflow-permissions-absent.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-absent.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -154,7 +154,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "writes test", - filenames: []string{"./testdata/github-workflow-permissions-writes.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-writes.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -165,7 +165,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "reads test", - filenames: []string{"./testdata/github-workflow-permissions-reads.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-reads.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, 
@@ -176,7 +176,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "nones test", - filenames: []string{"./testdata/github-workflow-permissions-nones.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-nones.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -187,7 +187,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "none test", - filenames: []string{"./testdata/github-workflow-permissions-none.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-none.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -198,7 +198,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "status/checks write", - filenames: []string{"./testdata/github-workflow-permissions-status-checks.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-status-checks.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 1, @@ -209,7 +209,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "sec-events/deployments write", - filenames: []string{"./testdata/github-workflow-permissions-secevent-deployments.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-secevent-deployments.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 2, @@ -220,7 +220,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "contents write", - filenames: []string{"./testdata/github-workflow-permissions-contents.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-contents.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, 
@@ -231,7 +231,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "actions write", - filenames: []string{"./testdata/github-workflow-permissions-actions.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-actions.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -242,7 +242,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "packages write", - filenames: []string{"./testdata/github-workflow-permissions-packages.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-packages.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -253,7 +253,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "Non-yaml file", - filenames: []string{"./testdata/script.sh"}, + filenames: []string{"script.sh"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -264,7 +264,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "release workflow write", - filenames: []string{"./testdata/github-workflow-permissions-release-writes.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-release-writes.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -275,7 +275,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "package workflow write", - filenames: []string{"./testdata/github-workflow-permissions-packages-writes.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-packages-writes.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -286,7 +286,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "workflow jobs only", - filenames: []string{"./testdata/github-workflow-permissions-jobs-only.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-jobs-only.yaml"}, expected: scut.TestReturn{ Error: nil, Score: 9, 
@@ -297,7 +297,7 @@ func TestGithubTokenPermissions(t *testing.T) { }, { name: "security-events write, codeql comment", - filenames: []string{"./testdata/github-workflow-permissions-run-write-codeql-comment.yaml"}, + filenames: []string{".github/workflows/github-workflow-permissions-run-write-codeql-comment.yaml"}, expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 1, @@ -309,8 +309,8 @@ func TestGithubTokenPermissions(t *testing.T) { { name: "two files mix run-level and top-level", filenames: []string{ - "./testdata/github-workflow-permissions-top-level-only.yaml", - "./testdata/github-workflow-permissions-run-level-only.yaml", + ".github/workflows/github-workflow-permissions-top-level-only.yaml", + ".github/workflows/github-workflow-permissions-run-level-only.yaml", }, expected: scut.TestReturn{ Error: nil, @@ -323,8 +323,8 @@ func TestGithubTokenPermissions(t *testing.T) { { name: "two files mix run-level and absent", filenames: []string{ - "./testdata/github-workflow-permissions-run-level-only.yaml", - "./testdata/github-workflow-permissions-absent.yaml", + ".github/workflows/github-workflow-permissions-run-level-only.yaml", + ".github/workflows/github-workflow-permissions-absent.yaml", }, expected: scut.TestReturn{ Error: nil, @@ -337,8 +337,8 @@ func TestGithubTokenPermissions(t *testing.T) { { name: "two files mix top-level and absent", filenames: []string{ - "./testdata/github-workflow-permissions-top-level-only.yaml", - "./testdata/github-workflow-permissions-absent.yaml", + ".github/workflows/github-workflow-permissions-top-level-only.yaml", + ".github/workflows/github-workflow-permissions-absent.yaml", }, expected: scut.TestReturn{ Error: nil, 
@@ -349,6 +349,11 @@ func TestGithubTokenPermissions(t *testing.T) { }, }, } + + if err := os.Chdir("./testdata/"); err != nil { + panic(fmt.Errorf("os.Chdir: %w", err)) + } + for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { @@ -386,7 +391,7 @@ func TestGithubTokenPermissionsLineNumber(t *testing.T) { }{ { name: "Job level write permission", - filename: "./testdata/github-workflow-permissions-run-no-codeql-write.yaml", + filename: ".github/workflows/github-workflow-permissions-run-no-codeql-write.yaml", expected: []struct { lineNumber uint }{ @@ -397,7 +402,7 @@ func TestGithubTokenPermissionsLineNumber(t *testing.T) { }, { name: "Workflow level write permission", - filename: "./testdata/github-workflow-permissions-writeall.yaml", + filename: ".github/workflows/github-workflow-permissions-writeall.yaml", expected: []struct { lineNumber uint }{ diff --git a/checks/pinned_dependencies_test.go b/checks/pinned_dependencies_test.go index ecc824ec50e0..acea9289da2b 100644 --- a/checks/pinned_dependencies_test.go +++ b/checks/pinned_dependencies_test.go @@ -34,7 +34,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }{ { name: "empty file", - filename: "./testdata/github-workflow-empty.yaml", + filename: ".github/workflows/github-workflow-empty.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -45,7 +45,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "comments only", - filename: "./testdata/github-workflow-comments.yaml", + filename: ".github/workflows/github-workflow-comments.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -56,7 +56,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "Pinned workflow", - filename: "./testdata/workflow-pinned.yaml", + filename: ".github/workflows/workflow-pinned.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, 
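Review bot: The `os.Chdir("./testdata/")` added before the loop in `TestGithubTokenPermissions` changes the working directory of the whole test process and never restores it. The same relative call is added in `TestGithubWorkflowPinning`, `TestNonGithubWorkflowPinning` and `TestGithubWorkflowPkgManagerPinning` (pinned_dependencies_test.go), so each later call resolves `./testdata/` against the already-changed directory and would panic unless it is reset somewhere outside these hunks. These tests cover the token-permission and dependency-pinning checks, so a panic or an unresolved fixture loses coverage of security checks. Prefer `t.Chdir("testdata")` where the Go toolchain provides it, or save `os.Getwd()` and restore it in `t.Cleanup`, and report failure with `t.Fatalf("os.Chdir: %v", err)` instead of `panic`. The loop bodies lie outside the hunks, so whether subtests run in parallel, which a process-wide chdir would also break, cannot be seen here.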
@@ -67,7 +67,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "Local action workflow", - filename: "./testdata/workflow-local-action.yaml", + filename: ".github/workflows/workflow-local-action.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -78,7 +78,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "Non-pinned workflow", - filename: "./testdata/workflow-not-pinned.yaml", + filename: ".github/workflows/workflow-not-pinned.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 2, @@ -89,7 +89,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "Non-yaml file", - filename: "./testdata/script.sh", + filename: "script.sh", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -100,7 +100,7 @@ func TestGithubWorkflowPinning(t *testing.T) { }, { name: "Matrix as expression", - filename: "./testdata/github-workflow-matrix-expression.yaml", + filename: ".github/workflows/github-workflow-matrix-expression.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -110,6 +110,11 @@ func TestGithubWorkflowPinning(t *testing.T) { }, }, } + + if err := os.Chdir("./testdata/"); err != nil { + panic(fmt.Errorf("os.Chdir: %w", err)) + } + for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { @@ -145,7 +150,7 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }{ { name: "Pinned non-github workflow", - filename: "./testdata/workflow-non-github-pinned.yaml", + filename: ".github/workflows/workflow-non-github-pinned.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, 
@@ -156,7 +161,7 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }, { name: "Pinned github workflow", - filename: "./testdata/workflow-mix-github-and-non-github-not-pinned.yaml", + filename: ".github/workflows/workflow-mix-github-and-non-github-not-pinned.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -167,7 +172,7 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }, { name: "Pinned github workflow", - filename: "./testdata/workflow-mix-github-and-non-github-pinned.yaml", + filename: ".github/workflows/workflow-mix-github-and-non-github-pinned.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -178,7 +183,7 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }, { name: "Mix of pinned and non-pinned GitHub actions", - filename: "./testdata/workflow-mix-pinned-and-non-pinned-github.yaml", + filename: ".github/workflows/workflow-mix-pinned-and-non-pinned-github.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 2, @@ -189,7 +194,7 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }, { name: "Mix of pinned and non-pinned non-GitHub actions", - filename: "./testdata/workflow-mix-pinned-and-non-pinned-non-github.yaml", + filename: ".github/workflows/workflow-mix-pinned-and-non-pinned-non-github.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 8, @@ -199,6 +204,11 @@ func TestNonGithubWorkflowPinning(t *testing.T) { }, }, } + + if err := os.Chdir("./testdata/"); err != nil { + panic(fmt.Errorf("os.Chdir: %w", err)) + } + for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { 
@@ -236,7 +246,7 @@ func TestGithubWorkflowPkgManagerPinning(t *testing.T) { }{ { name: "npm packages without verification", - filename: "./testdata/github-workflow-pkg-managers.yaml", + filename: ".github/workflows/github-workflow-pkg-managers.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -246,6 +256,11 @@ func TestGithubWorkflowPkgManagerPinning(t *testing.T) { }, }, } + + if err := os.Chdir("./testdata/"); err != nil { + panic(fmt.Errorf("os.Chdir: %w", err)) + } + for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { @@ -1199,7 +1214,7 @@ func TestGitHubWorflowRunDownload(t *testing.T) { }{ { name: "workflow curl default", - filename: "testdata/github-workflow-curl-default.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-curl-default.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -1210,7 +1225,7 @@ func TestGitHubWorflowRunDownload(t *testing.T) { }, { name: "workflow curl no default", - filename: "testdata/github-workflow-curl-no-default.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-curl-no-default.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -1221,7 +1236,7 @@ func TestGitHubWorflowRunDownload(t *testing.T) { }, { name: "wget across steps", - filename: "testdata/github-workflow-wget-across-steps.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-wget-across-steps.yaml", expected: scut.TestReturn{ Error: nil, Score: checker.MinResultScore, @@ -1271,7 +1286,7 @@ func TestGitHubWorkflowUsesLineNumber(t *testing.T) { }{ { name: "unpinned dependency in uses", - filename: "testdata/github-workflow-permissions-run-codeql-write.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-permissions-run-codeql-write.yaml", expected: []struct { dependency string startLine uint 
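Review bot: The new paths in `TestGitHubWorflowRunDownload`, such as `./testdata/.github/workflows/testdata/github-workflow-curl-default.yaml`, do not match where this commit moves the fixture. The rename entry puts it at `checks/testdata/.github/workflows/github-workflow-curl-default.yaml`, with no `testdata/` directory under `workflows/`. The same pattern appears in the `TestGitHubWorkflowUsesLineNumber` and `TestGitHubWorkInsecureDownloadsLineNumber` hunks. These paths also keep the `./testdata/` prefix, so they only resolve if the working directory has not been moved by the `os.Chdir("./testdata/")` calls added earlier in this file. If the extra segment is a search-and-replace artefact, the intended value is probably `./testdata/.github/workflows/github-workflow-curl-default.yaml`; how the path is consumed lies outside the hunk, so confirm against the test body.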
@@ -1286,7 +1301,7 @@ func TestGitHubWorkflowUsesLineNumber(t *testing.T) { }, { name: "multiple unpinned dependency in uses", - filename: "testdata/github-workflow-multiple-unpinned-uses.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-multiple-unpinned-uses.yaml", expected: []struct { dependency string startLine uint @@ -1349,7 +1364,7 @@ func TestGitHubWorkInsecureDownloadsLineNumber(t *testing.T) { }{ { name: "downloads", - filename: "testdata/github-workflow-download-lines.yaml", + filename: "./testdata/.github/workflows/testdata/github-workflow-download-lines.yaml", expected: []struct { snippet string startLine uint diff --git a/checks/testdata/github-workflow-comments.yaml b/checks/testdata/.github/workflows/github-workflow-comments.yaml similarity index 100% rename from checks/testdata/github-workflow-comments.yaml rename to checks/testdata/.github/workflows/github-workflow-comments.yaml diff --git a/checks/testdata/github-workflow-curl-default.yaml b/checks/testdata/.github/workflows/github-workflow-curl-default.yaml similarity index 100% rename from checks/testdata/github-workflow-curl-default.yaml rename to checks/testdata/.github/workflows/github-workflow-curl-default.yaml diff --git a/checks/testdata/github-workflow-curl-no-default.yaml b/checks/testdata/.github/workflows/github-workflow-curl-no-default.yaml similarity index 100% rename from checks/testdata/github-workflow-curl-no-default.yaml rename to checks/testdata/.github/workflows/github-workflow-curl-no-default.yaml diff --git a/checks/testdata/github-workflow-dangerous-pattern-default-checkout.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-default-checkout.yml similarity index 100% rename from checks/testdata/github-workflow-dangerous-pattern-default-checkout.yml rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-default-checkout.yml 
diff --git a/checks/testdata/github-workflow-dangerous-pattern-safe-trigger.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-safe-trigger.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-safe-trigger.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-safe-trigger.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-trusted-checkout.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-trusted-checkout.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-trusted-checkout.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-trusted-checkout.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-trusted-script-injection.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-trusted-script-injection.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-trusted-script-injection.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-trusted-script-injection.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-untrusted-checkout.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-checkout.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-untrusted-checkout.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-checkout.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-untrusted-inline-script-injection.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-inline-script-injection.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-untrusted-inline-script-injection.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-inline-script-injection.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-untrusted-multiple-script-injection.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-multiple-script-injection.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-untrusted-multiple-script-injection.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-multiple-script-injection.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-untrusted-script-injection-wildcard.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection-wildcard.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-untrusted-script-injection-wildcard.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection-wildcard.yml
diff --git a/checks/testdata/github-workflow-dangerous-pattern-untrusted-script-injection.yml b/checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection.yml
similarity index 100%
rename from checks/testdata/github-workflow-dangerous-pattern-untrusted-script-injection.yml
rename to checks/testdata/.github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection.yml
diff --git a/checks/testdata/github-workflow-download-lines.yaml b/checks/testdata/.github/workflows/github-workflow-download-lines.yaml
similarity index 100%
rename from checks/testdata/github-workflow-download-lines.yaml
rename to checks/testdata/.github/workflows/github-workflow-download-lines.yaml
diff --git a/checks/testdata/github-workflow-empty.yaml b/checks/testdata/.github/workflows/github-workflow-empty.yaml
similarity index 100%
rename from checks/testdata/github-workflow-empty.yaml
rename to checks/testdata/.github/workflows/github-workflow-empty.yaml
diff --git a/checks/testdata/github-workflow-matrix-expression.yaml b/checks/testdata/.github/workflows/github-workflow-matrix-expression.yaml
similarity index 100%
rename from checks/testdata/github-workflow-matrix-expression.yaml
rename to checks/testdata/.github/workflows/github-workflow-matrix-expression.yaml
diff --git a/checks/testdata/github-workflow-multiple-unpinned-uses.yaml b/checks/testdata/.github/workflows/github-workflow-multiple-unpinned-uses.yaml
similarity index 100%
rename from checks/testdata/github-workflow-multiple-unpinned-uses.yaml
rename to checks/testdata/.github/workflows/github-workflow-multiple-unpinned-uses.yaml
diff --git a/checks/testdata/github-workflow-packaging-cargo.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-cargo.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-cargo.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-cargo.yaml
diff --git a/checks/testdata/github-workflow-packaging-docker-action.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-docker-action.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml
diff --git a/checks/testdata/github-workflow-packaging-docker-push.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-docker-push.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml
diff --git a/checks/testdata/github-workflow-packaging-gem.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-gem.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-gem.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-gem.yaml
diff --git a/checks/testdata/github-workflow-packaging-go.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-go.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-go.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-go.yaml
diff --git a/checks/testdata/github-workflow-packaging-gradle.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-gradle.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-gradle.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-gradle.yaml
diff --git a/checks/testdata/github-workflow-packaging-maven.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-maven.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-maven.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-maven.yaml
diff --git a/checks/testdata/github-workflow-packaging-npm-github.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-npm-github.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml
diff --git a/checks/testdata/github-workflow-packaging-npm.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-npm.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-npm.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-npm.yaml
diff --git a/checks/testdata/github-workflow-packaging-nuget.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-nuget.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-nuget.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-nuget.yaml
diff --git a/checks/testdata/github-workflow-packaging-pypi.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-pypi.yaml
similarity index 100%
rename from checks/testdata/github-workflow-packaging-pypi.yaml
rename to checks/testdata/.github/workflows/github-workflow-packaging-pypi.yaml
diff --git a/checks/testdata/github-workflow-permissions-absent.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-absent.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-absent.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-absent.yaml
diff --git a/checks/testdata/github-workflow-permissions-actions.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-actions.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-actions.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-actions.yaml
diff --git a/checks/testdata/github-workflow-permissions-contents.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-contents.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-contents.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-contents.yaml
diff --git a/checks/testdata/github-workflow-permissions-jobs-only.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-jobs-only.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-jobs-only.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-jobs-only.yaml
diff --git a/checks/testdata/github-workflow-permissions-none.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-none.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-none.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-none.yaml
diff --git a/checks/testdata/github-workflow-permissions-nones.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-nones.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-nones.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-nones.yaml
diff --git a/checks/testdata/github-workflow-permissions-packages-writes.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-packages-writes.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-packages-writes.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-packages-writes.yaml
diff --git a/checks/testdata/github-workflow-permissions-packages.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-packages.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-packages.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-packages.yaml
diff --git a/checks/testdata/github-workflow-permissions-readall.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-readall.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-readall.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-readall.yaml
diff --git a/checks/testdata/github-workflow-permissions-reads.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-reads.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-reads.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-reads.yaml
diff --git a/checks/testdata/github-workflow-permissions-release-writes.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-release-writes.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-release-writes.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-release-writes.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-codeql-write.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-codeql-write.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-codeql-write.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-codeql-write.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-level-only.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-level-only.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-level-only.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-level-only.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-no-codeql-write.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-no-codeql-write.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-no-codeql-write.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-no-codeql-write.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-package-workflow-write.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-package-workflow-write.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-package-workflow-write.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-package-workflow-write.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-package-write.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-package-write.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-package-write.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-package-write.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-write-codeql-comment.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-write-codeql-comment.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-write-codeql-comment.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-write-codeql-comment.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-writes-2.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-writes-2.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-writes-2.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-writes-2.yaml
diff --git a/checks/testdata/github-workflow-permissions-run-writes.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-run-writes.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-run-writes.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-run-writes.yaml
diff --git a/checks/testdata/github-workflow-permissions-secevent-deployments.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-secevent-deployments.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-secevent-deployments.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-secevent-deployments.yaml
diff --git a/checks/testdata/github-workflow-permissions-status-checks.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-status-checks.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-status-checks.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-status-checks.yaml
diff --git a/checks/testdata/github-workflow-permissions-top-level-only.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-top-level-only.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-top-level-only.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-top-level-only.yaml
diff --git a/checks/testdata/github-workflow-permissions-writeall.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-writeall.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-writeall.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-writeall.yaml
diff --git a/checks/testdata/github-workflow-permissions-writes.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-writes.yaml
similarity index 100%
rename from checks/testdata/github-workflow-permissions-writes.yaml
rename to checks/testdata/.github/workflows/github-workflow-permissions-writes.yaml
diff --git a/checks/testdata/github-workflow-pkg-managers.yaml b/checks/testdata/.github/workflows/github-workflow-pkg-managers.yaml
similarity index 100%
rename from checks/testdata/github-workflow-pkg-managers.yaml
rename to checks/testdata/.github/workflows/github-workflow-pkg-managers.yaml
diff --git a/checks/testdata/github-workflow-shells-all-windows-bash.yaml b/checks/testdata/.github/workflows/github-workflow-shells-all-windows-bash.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-all-windows-bash.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-all-windows-bash.yaml
diff --git a/checks/testdata/github-workflow-shells-all-windows-matrix-include-empty.yaml b/checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix-include-empty.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-all-windows-matrix-include-empty.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix-include-empty.yaml
diff --git a/checks/testdata/github-workflow-shells-all-windows-matrix-include.yaml b/checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix-include.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-all-windows-matrix-include.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix-include.yaml
diff --git a/checks/testdata/github-workflow-shells-all-windows-matrix.yaml b/checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-all-windows-matrix.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-all-windows-matrix.yaml
diff --git a/checks/testdata/github-workflow-shells-all-windows.yaml b/checks/testdata/.github/workflows/github-workflow-shells-all-windows.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-all-windows.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-all-windows.yaml
diff --git a/checks/testdata/github-workflow-shells-default-macos.yaml b/checks/testdata/.github/workflows/github-workflow-shells-default-macos.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-default-macos.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-default-macos.yaml
diff --git a/checks/testdata/github-workflow-shells-default-ubuntu.yaml b/checks/testdata/.github/workflows/github-workflow-shells-default-ubuntu.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-default-ubuntu.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-default-ubuntu.yaml
diff --git a/checks/testdata/github-workflow-shells-default-windows.yaml b/checks/testdata/.github/workflows/github-workflow-shells-default-windows.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-default-windows.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-default-windows.yaml
diff --git a/checks/testdata/github-workflow-shells-runner-windows-ubuntu.yaml b/checks/testdata/.github/workflows/github-workflow-shells-runner-windows-ubuntu.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-runner-windows-ubuntu.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-runner-windows-ubuntu.yaml
diff --git a/checks/testdata/github-workflow-shells-specified-job-step.yaml b/checks/testdata/.github/workflows/github-workflow-shells-specified-job-step.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-specified-job-step.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-specified-job-step.yaml
diff --git a/checks/testdata/github-workflow-shells-specified-job-windows.yaml b/checks/testdata/.github/workflows/github-workflow-shells-specified-job-windows.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-specified-job-windows.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-specified-job-windows.yaml
diff --git a/checks/testdata/github-workflow-shells-specified-job.yaml b/checks/testdata/.github/workflows/github-workflow-shells-specified-job.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-specified-job.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-specified-job.yaml
diff --git a/checks/testdata/github-workflow-shells-speficied-step.yaml b/checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-speficied-step.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml
diff --git a/checks/testdata/github-workflow-shells-two-shells.yaml b/checks/testdata/.github/workflows/github-workflow-shells-two-shells.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-two-shells.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-two-shells.yaml
diff --git a/checks/testdata/github-workflow-shells-windows-bash.yaml b/checks/testdata/.github/workflows/github-workflow-shells-windows-bash.yaml
similarity index 100%
rename from checks/testdata/github-workflow-shells-windows-bash.yaml
rename to checks/testdata/.github/workflows/github-workflow-shells-windows-bash.yaml
diff --git a/checks/testdata/github-workflow-wget-across-steps.yaml b/checks/testdata/.github/workflows/github-workflow-wget-across-steps.yaml
similarity index 100%
rename from checks/testdata/github-workflow-wget-across-steps.yaml
rename to checks/testdata/.github/workflows/github-workflow-wget-across-steps.yaml
diff --git a/checks/testdata/workflow-local-action.yaml b/checks/testdata/.github/workflows/workflow-local-action.yaml
similarity index 100%
rename from checks/testdata/workflow-local-action.yaml
rename to checks/testdata/.github/workflows/workflow-local-action.yaml
diff --git a/checks/testdata/workflow-mix-github-and-non-github-not-pinned.yaml b/checks/testdata/.github/workflows/workflow-mix-github-and-non-github-not-pinned.yaml
similarity index 100%
rename from checks/testdata/workflow-mix-github-and-non-github-not-pinned.yaml
rename to checks/testdata/.github/workflows/workflow-mix-github-and-non-github-not-pinned.yaml
diff --git a/checks/testdata/workflow-mix-github-and-non-github-pinned.yaml b/checks/testdata/.github/workflows/workflow-mix-github-and-non-github-pinned.yaml
similarity index 100%
rename from checks/testdata/workflow-mix-github-and-non-github-pinned.yaml
rename to checks/testdata/.github/workflows/workflow-mix-github-and-non-github-pinned.yaml
diff --git a/checks/testdata/workflow-mix-pinned-and-non-pinned-github.yaml b/checks/testdata/.github/workflows/workflow-mix-pinned-and-non-pinned-github.yaml
similarity index 100%
rename from checks/testdata/workflow-mix-pinned-and-non-pinned-github.yaml
rename to checks/testdata/.github/workflows/workflow-mix-pinned-and-non-pinned-github.yaml
diff --git a/checks/testdata/workflow-mix-pinned-and-non-pinned-non-github.yaml b/checks/testdata/.github/workflows/workflow-mix-pinned-and-non-pinned-non-github.yaml
similarity index 100%
rename from checks/testdata/workflow-mix-pinned-and-non-pinned-non-github.yaml
rename to checks/testdata/.github/workflows/workflow-mix-pinned-and-non-pinned-non-github.yaml
diff --git a/checks/testdata/workflow-non-github-pinned.yaml b/checks/testdata/.github/workflows/workflow-non-github-pinned.yaml
similarity index 100%
rename from checks/testdata/workflow-non-github-pinned.yaml
rename to checks/testdata/.github/workflows/workflow-non-github-pinned.yaml
diff --git a/checks/testdata/workflow-not-pinned.yaml b/checks/testdata/.github/workflows/workflow-not-pinned.yaml
similarity index 100%
rename from checks/testdata/workflow-not-pinned.yaml
rename to checks/testdata/.github/workflows/workflow-not-pinned.yaml
diff --git a/checks/testdata/workflow-pinned.yaml b/checks/testdata/.github/workflows/workflow-pinned.yaml
similarity index 100%
rename from checks/testdata/workflow-pinned.yaml
rename to checks/testdata/.github/workflows/workflow-pinned.yaml