Skip to content

Releases: anchore/scan-action

Release v2.0.2

11 Nov 19:42
@alfredodeza alfredodeza
v2.0.2
d9cf567
Compare
Choose a tag to compare
Release v2.0.2
Marketplace
Marketplace

Minor bug-fix release:

Assets 2
Loading

Release v2.0.1

02 Nov 21:22
@alfredodeza alfredodeza
v2.0.1
56abf48
Compare
Choose a tag to compare
Release v2.0.1
Marketplace
Marketplace

Minor bug-fix release.

Fixes:

  • Removes unnecessary constraint in deduplication for SARIF reporting
  • Allows defining and referencing the location of the SARIF report file
  • Fixes multiple instances where undefined items in the reporting would break scanning
Assets 2
Loading

Release v2.0.0

30 Sep 06:48
@zhill zhill
v2.0.0
c2212d9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.0.0
Marketplace
Marketplace

New major version of scan action based on new Grype tool from Anchore that is much faster for scanning compared to v1.x and adds some new capabilities and more metadata about the matches.

  • Significantly faster performance for scans
  • New vulnerabilities output format is the JSON output from Grype directly
  • Adds support for scanning directories as well as Docker containers, so you can do the same checks pre-and post-build of the container.
  • Supports Automatic Code Scanning/SARIF for exposing results via your repository's Security tab.

This is a breaking change from v1.x, as indicated by the major version revision:

  1. Use image input parameter Instead of image-reference
  2. dockerfile-path is no longer supported and not necessary for the vulnerability scans
  3. custom-policy-path is no longer supported
  4. include-app-packages is no longer necessary or supported. Application packages are on by default and will receive vulnerability matches.
  5. Outputs:
    1. billofmaterials is no longer output. V2 is focused on vulnerability scanning and another action may be introduced for BoM support with its own options/config.
    2. policycheck is no longer output
Assets 2
Loading

Release v1.0.9

02 Sep 19:32
@robertp robertp
v1.0.9
5c18729
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.9
Marketplace
Marketplace

Update to Anchore Engine 0.8.1

Assets 2
Loading

Release v1.0.8

12 Aug 19:58
@robertp robertp
v1.0.8
618cb77
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.8
Marketplace
Marketplace

Update to Anchore Engine 0.8.0

Assets 2
Loading

Release v1.0.7

10 Jul 00:16
@robertp robertp
v1.0.7
2eb156f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.7
Marketplace
Marketplace

Update to Anchore Engine 0.7.3

Assets 2
Loading

Release v1.0.6

09 Jun 17:58
@Btodhunter Btodhunter
1.0.6
7e648bc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.6
Marketplace
Marketplace

Adds optional support for integration with GitHub code scanning.

Assets 2
Loading

v1.0.5 Release

08 Jun 20:27
@Btodhunter Btodhunter
1.0.5
642e59b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.5 Release
Marketplace
Marketplace

Update Anchore Engine to v0.7.2

Assets 2
Loading

v1.0.4 Release

04 May 19:50
@Btodhunter Btodhunter
v1.0.4
cb690d8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.4 Release
Marketplace
Marketplace 
Update v0.7.1 (#28)

* update dependencies
* update to engine v0.7.1

Signed-off-by: Brady Todhunter <bradyt@anchore.com>
Assets 2
Loading

v1.0.3 Release

02 Apr 18:11
@markjacksonfishing markjacksonfishing
v1.0.3
1a2b817
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.3 Release
Marketplace
Marketplace 
check if failBuild is set specifically to true, not just a value (#24)

Signed-off-by: Brady Todhunter <bradyt@anchore.com>
Assets 2
Loading