Skip to content

Releases: itscloud0/action-pin-check

action-pin-check v0.4.1

Choose a tag to compare

@itscloud0 itscloud0 released this 16 Jul 19:13

Patch release: align finding codes in text output when workflow paths have different lengths while preserving complete file:line locations.

action-pin-check v0.4.0

Choose a tag to compare

@itscloud0 itscloud0 released this 13 Jul 19:13

action-pin-check v0.4.0

Feature release.

action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, GitHub Actions annotation, and SARIF output.

Included:

  • Optional .action-pin-check.json allowlist for exact reviewed tag refs.
  • --config for an explicit JSON policy path.
  • Branch refs and missing refs remain findings regardless of allowlist entries.
  • --format sarif for GitHub code scanning upload workflows.
  • --format github-annotations for inline CI findings on exact workflow lines.
  • Existing text output for humans.
  • Existing JSON output for automation.
  • Existing --fail-on policy for CI gates.

action-pin-check v0.3.0

Choose a tag to compare

@itscloud0 itscloud0 released this 10 Jul 19:12

action-pin-check v0.3.0

Feature release.

action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, GitHub Actions annotation, and SARIF output.

Included:

  • --format sarif for GitHub code scanning upload workflows.
  • --format github-annotations for inline CI findings on exact workflow lines.
  • Existing text output for humans.
  • Existing JSON output for automation.
  • Existing --fail-on policy for CI gates.

action-pin-check v0.2.0

Choose a tag to compare

@itscloud0 itscloud0 released this 10 Jul 09:11

action-pin-check v0.2.0

Feature release.

action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and now supports text, JSON, and GitHub Actions annotation output.

Included:

  • --format github-annotations for inline CI findings on exact workflow lines.
  • Existing text output for humans.
  • Existing JSON output for automation.
  • Existing --fail-on policy for CI gates.

action-pin-check v0.1.0

Choose a tag to compare

@itscloud0 itscloud0 released this 16 Jun 17:09

action-pin-check v0.1.0

Initial release.

action-pin-check audits GitHub Actions workflows for external action refs that are missing, branch-based, tag-based, or short SHA pins. It is local-first, dependency-free at runtime, and supports both text and JSON output.

Included:

  • CLI scanner for repository roots, workflow directories, or workflow files.
  • Text output for humans.
  • JSON output for automation.
  • --fail-on policy for CI gates.
  • Example unsafe workflow fixture.
  • Unit tests and GitHub Actions CI.