Highlights
- Add new attestation-add command to GHA
  This can be used to add VEX documents to images, for instance. See the documentation on how to suppress image vulnerabilities with VEX.

      uses: docker/scout-action@v1
      with:
        command: attestation-add
        image: IMAGE
        file: in-toto.vex.json
        predicate-type: https://openvex.dev/ns/v0.2.0
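A pre-flight lint for a VEX document before it is attached with attestation-add, as an added example that is not part of docker/scout-action: it checks the required fields and status rules of the OpenVEX v0.2.0 specification. The name check_vex, the sample document, and the rule that every statement must list products are assumptions of this example; any in-toto wrapping of the file is not handled.

```python
# Added example: lint an OpenVEX v0.2.0 document before attaching it to an image.
CONTEXT = "https://openvex.dev/ns/v0.2.0"  # same URL as the predicate-type above
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = {
    "component_not_present", "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path", "inline_mitigations_already_exist",
    "vulnerable_code_cannot_be_controlled_by_adversary",
}

def check_vex(doc):
    """Return a list of problems found in an OpenVEX document (empty if none)."""
    problems = []
    if doc.get("@context") != CONTEXT:
        problems.append("document: @context is not " + CONTEXT)
    for field in ("@id", "author", "timestamp", "version"):
        if field not in doc:
            problems.append("document: missing " + field)
    statements = doc.get("statements") or []
    if not statements:
        problems.append("document: no statements")
    for i, st in enumerate(statements):
        where = "statement %d: " % i
        vuln = st.get("vulnerability")
        if not (isinstance(vuln, dict) and vuln.get("name")):
            problems.append(where + "missing vulnerability.name")
        if not st.get("products"):  # policy assumed by this example
            problems.append(where + "no products listed")
        status, just = st.get("status"), st.get("justification")
        if status not in STATUSES:
            problems.append(where + "invalid status %r" % status)
        if just is not None and just not in JUSTIFICATIONS:
            problems.append(where + "invalid justification %r" % just)
        if status == "not_affected" and not (just or st.get("impact_statement")):
            problems.append(where + "not_affected needs justification or impact_statement")
        if status == "affected" and not st.get("action_statement"):
            problems.append(where + "affected needs action_statement")
    return problems

# Constructed sample document; the CVE id, author and product are placeholders.
SAMPLE = {
    "@context": CONTEXT, "@id": "https://example.com/vex/sample-1",
    "author": "Example Security Team", "timestamp": "2024-01-01T00:00:00Z",
    "version": 1,
    "statements": [{
        "vulnerability": {"name": "CVE-0000-0000"},
        "products": [{"@id": "pkg:docker/example/app@1.0"}],
        "status": "not_affected", "justification": "vulnerable_code_not_present",
    }],
}
```

Running check_vex over the parsed JSON in a CI step before the attestation-add step keeps a malformed or unjustified not_affected statement from being attached to the image.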
Bug Fixes / Improvements
- Improve format of EPSS score and percentile
  - Before:
        EPSS Score : 0.000440
        EPSS Percentile : 0.092510
  - After:
        EPSS Score : 0.04%
        EPSS Percentile : 9th percentile
- Fix cves command when used to analyse a local file system with a markdown output