Releases · blackoutsecure/bos-code-scanning-kit

01 Jun 16:41

github-actions

v1.0.5

f0ec5be

v1.0.5 Latest

Latest

v1.0.5

Changes since `v1.0.4`

Features

feat: add HTTP timeout configuration for posture audit GitHub REST calls (2879494)
feat(posture): add HTTP timeout configuration and MSDO detection with related tests (45eadc4)
feat(posture): implement PS012 for pinned actions in workflows and add related tests (98be5be)
feat: enhance output formatting and severity reporting in posture audit (864b666)
feat(audit): add support for secret-scanning push protection checks and update related documentation (eddcc58)
feat(sarif): implement sanitization for SARIF results to ensure GHAS compliance (f9ed1fe)
feat(workflows): add models permission for AI changelog integration (b73ac72)
feat(release): enable AI-generated changelog for GitHub Release body (febae6b)
feat(workflows): enhance self-scan and marketplace workflows with advanced scanning controls and release-time gates (a80e321)
feat(workflows): add advanced PAT-aware self-scan; explicit launchpad security_scan toggle (bad6361)
feat: enhance self-scan and tests with preflight runner validation and improved handling of GitHub token permissions (ff480d7)
feat: clarify github_token usage in README and action.yml for posture audit (ebf00dc)
feat: update permissions for security scan job requirements in workflow (baa71ac)
feat: implement CodeQL workflow for consolidated security scanning (00e0805)
feat: update security scan configuration and enhance README with version pinning details (c80c554)
feat: enhance workflows and scripts for improved code scanning and testing (bf6986e)

Fixes

fix(docs): update github_token usage instructions in README and action.yml (a04e694)
fix(action): clarify github_token description and fallback behavior in action.yml (00aee65)
fix(workflows): forward DEFAULT_RUNNER variable in self-scan preflight step (f145579)
fix(action): update github_token description and fallback behavior in action.yml (f9e4a56)
fix(release): include pyproject.toml in promote allowlist (8bf87a1)
fix: replace tar extraction with Python to support minimal runners lacking xz binary (6b9b3c6)
fix: ensure physicalLocation is present in SARIF results to comply with GHAS requirements (452d069)

Documentation

docs: update README and action.yml to clarify PAT requirements for posture audit (c40433b)
docs: update launchpad references after hub rename (62977a0)

Raw commits (27)

2879494  feat: add HTTP timeout configuration for posture audit GitHub REST calls
f2949cb  ci(release): sync repo About box (description / homepage / topics) after each release
45eadc4  feat(posture): add HTTP timeout configuration and MSDO detection with related tests
98be5be  feat(posture): implement PS012 for pinned actions in workflows and add related tests
864b666  feat: enhance output formatting and severity reporting in posture audit
eddcc58  feat(audit): add support for secret-scanning push protection checks and update related documentation
a04e694  fix(docs): update github_token usage instructions in README and action.yml
00aee65  fix(action): clarify github_token description and fallback behavior in action.yml
f145579  fix(workflows): forward DEFAULT_RUNNER variable in self-scan preflight step
f9e4a56  fix(action): update github_token description and fallback behavior in action.yml
c40433b  docs: update README and action.yml to clarify PAT requirements for posture audit
8bf87a1  fix(release): include pyproject.toml in promote allowlist
f9ed1fe  feat(sarif): implement sanitization for SARIF results to ensure GHAS compliance
b73ac72  feat(workflows): add models permission for AI changelog integration
febae6b  feat(release): enable AI-generated changelog for GitHub Release body
6b9b3c6  fix: replace tar extraction with Python to support minimal runners lacking xz binary
452d069  fix: ensure physicalLocation is present in SARIF results to comply with GHAS requirements
a80e321  feat(workflows): enhance self-scan and marketplace workflows with advanced scanning controls and release-time gates
62977a0  docs: update launchpad references after hub rename
6277b59  follow hub rename to bos-launchpad-* family
bad6361  feat(workflows): add advanced PAT-aware self-scan; explicit launchpad security_scan toggle
ff480d7  feat: enhance self-scan and tests with preflight runner validation and improved handling of GitHub token permissions
ebf00dc  feat: clarify github_token usage in README and action.yml for posture audit
baa71ac  feat: update permissions for security scan job requirements in workflow
00e0805  feat: implement CodeQL workflow for consolidated security scanning
c80c554  feat: update security scan configuration and enhance README with version pinning details
bf6986e  feat: enhance workflows and scripts for improved code scanning and testing

Build information

Version: 1.0.5
Tag: v1.0.5
Commit: 28794947c8c6
Built: 2026-06-01T16:41:02Z

Generated by bos-automation-hub.

Full Changelog: v1.0.4...v1.0.5

Assets 2

29 May 15:14

github-actions

v1.0.4

2ce8816

v1.0.4

Changes since `v1.0.3`

Features

feat: enhance output formatting and severity reporting in posture audit (864b666)
feat(audit): add support for secret-scanning push protection checks and update related documentation (eddcc58)
feat(sarif): implement sanitization for SARIF results to ensure GHAS compliance (f9ed1fe)
feat(workflows): add models permission for AI changelog integration (b73ac72)
feat(release): enable AI-generated changelog for GitHub Release body (febae6b)
feat(workflows): enhance self-scan and marketplace workflows with advanced scanning controls and release-time gates (a80e321)
feat(workflows): add advanced PAT-aware self-scan; explicit launchpad security_scan toggle (bad6361)
feat: enhance self-scan and tests with preflight runner validation and improved handling of GitHub token permissions (ff480d7)
feat: clarify github_token usage in README and action.yml for posture audit (ebf00dc)
feat: update permissions for security scan job requirements in workflow (baa71ac)
feat: implement CodeQL workflow for consolidated security scanning (00e0805)
feat: update security scan configuration and enhance README with version pinning details (c80c554)
feat: enhance workflows and scripts for improved code scanning and testing (bf6986e)

Fixes

fix(docs): update github_token usage instructions in README and action.yml (a04e694)
fix(action): clarify github_token description and fallback behavior in action.yml (00aee65)
fix(workflows): forward DEFAULT_RUNNER variable in self-scan preflight step (f145579)
fix(action): update github_token description and fallback behavior in action.yml (f9e4a56)
fix(release): include pyproject.toml in promote allowlist (8bf87a1)
fix: replace tar extraction with Python to support minimal runners lacking xz binary (6b9b3c6)
fix: ensure physicalLocation is present in SARIF results to comply with GHAS requirements (452d069)

Documentation

docs: update README and action.yml to clarify PAT requirements for posture audit (c40433b)
docs: update launchpad references after hub rename (62977a0)

Raw commits (23)

864b666  feat: enhance output formatting and severity reporting in posture audit
eddcc58  feat(audit): add support for secret-scanning push protection checks and update related documentation
a04e694  fix(docs): update github_token usage instructions in README and action.yml
00aee65  fix(action): clarify github_token description and fallback behavior in action.yml
f145579  fix(workflows): forward DEFAULT_RUNNER variable in self-scan preflight step
f9e4a56  fix(action): update github_token description and fallback behavior in action.yml
c40433b  docs: update README and action.yml to clarify PAT requirements for posture audit
8bf87a1  fix(release): include pyproject.toml in promote allowlist
f9ed1fe  feat(sarif): implement sanitization for SARIF results to ensure GHAS compliance
b73ac72  feat(workflows): add models permission for AI changelog integration
febae6b  feat(release): enable AI-generated changelog for GitHub Release body
6b9b3c6  fix: replace tar extraction with Python to support minimal runners lacking xz binary
452d069  fix: ensure physicalLocation is present in SARIF results to comply with GHAS requirements
a80e321  feat(workflows): enhance self-scan and marketplace workflows with advanced scanning controls and release-time gates
62977a0  docs: update launchpad references after hub rename
6277b59  follow hub rename to bos-launchpad-* family
bad6361  feat(workflows): add advanced PAT-aware self-scan; explicit launchpad security_scan toggle
ff480d7  feat: enhance self-scan and tests with preflight runner validation and improved handling of GitHub token permissions
ebf00dc  feat: clarify github_token usage in README and action.yml for posture audit
baa71ac  feat: update permissions for security scan job requirements in workflow
00e0805  feat: implement CodeQL workflow for consolidated security scanning
c80c554  feat: update security scan configuration and enhance README with version pinning details
bf6986e  feat: enhance workflows and scripts for improved code scanning and testing