Releases: itscloud0/action-pin-check
Release list
action-pin-check v0.4.1
action-pin-check v0.4.0
action-pin-check v0.4.0
Feature release.
action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, GitHub Actions annotation, and SARIF output.
Included:
- Optional
.action-pin-check.jsonallowlist for exact reviewed tag refs. --configfor an explicit JSON policy path.- Branch refs and missing refs remain findings regardless of allowlist entries.
--format sariffor GitHub code scanning upload workflows.--format github-annotationsfor inline CI findings on exact workflow lines.- Existing text output for humans.
- Existing JSON output for automation.
- Existing
--fail-onpolicy for CI gates.
action-pin-check v0.3.0
action-pin-check v0.3.0
Feature release.
action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, GitHub Actions annotation, and SARIF output.
Included:
--format sariffor GitHub code scanning upload workflows.--format github-annotationsfor inline CI findings on exact workflow lines.- Existing text output for humans.
- Existing JSON output for automation.
- Existing
--fail-onpolicy for CI gates.
action-pin-check v0.2.0
action-pin-check v0.2.0
Feature release.
action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, and GitHub Actions annotation output.
Included:
--format github-annotationsfor inline CI findings on exact workflow lines.- Existing text output for humans.
- Existing JSON output for automation.
- Existing
--fail-onpolicy for CI gates.
action-pin-check v0.1.0
action-pin-check v0.1.0
Initial release.
action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and supports both text and JSON output.
Included:
- CLI scanner for repository roots, workflow directories, or workflow files.
- Text output for humans.
- JSON output for automation.
--fail-onpolicy for CI gates.- Example unsafe workflow fixture.
- Unit tests and GitHub Actions CI.