PR decoration for GitHub no longer working

Yes, this prevents the decoration. The decoration requires the sha1 of the HEAD of the pull request. The Git plugin picks this up during the scan, and the scanner writes it to the report sent to the server. If the SCM provider was not detected as Git, this won’t happen, and so no decoration will happen. This also explains what you saw on GitHub about the pending check.

I have not yet seen a use case of copying sources to run a scan. Would it be possible to copy the .git folder too, or clone from the sources instead of copying, or some other way so that you have sources + SCM data too?

The reason why it was working before is related to the change of GitHub API to decorate. The previous method (using Reviews API) could work with PR numbers without precise commit sha1, the new method (Checks API) requires commit sha1.

One possible remedy I can think of is to add a new scanner parameter to override explicitly the commit sha1 to use. I just don’t know if there is significant demand for this use case.