@warengonzaga warengonzaga released this 13 Dec 07:25
cdd179e

What's Changed

  • Added built-in Trivy vulnerability scanning for source code, Dockerfile, and container images
  • Added automatic SARIF upload to GitHub Security tab for vulnerability tracking
  • Added comprehensive security scan results in PR comments with expandable vulnerability details
  • Added optional baseline image comparison to track security improvements over time
  • Added 17 new security-related inputs with sensible defaults (scanning enabled by default)
  • Added 6 new security-related outputs (vulnerability counts by severity)
  • Added example workflows demonstrating basic, strict, and comparison scanning modes
  • Added .trivyignore.example template for managing false positives
  • Updated README with comprehensive security scanning documentation and FAQ section
  • Fixed package.json by removing invalid "main" field (composite actions don't require it)
  • Fixed pr-comment.js with defensive array checks to prevent crashes on malformed Trivy output
  • Updated Trivy action to v0.33.1 (includes 2025 security patches)

Full Changelog: v1.0.5...v1.1.0