Skip to content

v1.8.0

Latest
Marketplace
Latest
Marketplace
Compare
Choose a tag to compare
@github-actions github-actions released this 25 Apr 16:16
v1.8.0
cc6a9c0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Highlights

  • Add new attestation-add command to GHA
    This can be used to add Vex documents to images for instance. See the documentation on how to suppress image vulnerabilities with VEX 
    uses: docker/scout-action@v1
with:
  command: attestation-add
  image: IMAGE
  file: in-toto.vex.json
  predicate-type: https://openvex.dev/ns/v0.2.0

Bug Fixes / Improvements

  • Improve format of EPSS score and percentile
    • Before: 
      EPSS Score      : 0.000440
EPSS Percentile : 0.092510
    • After: 
      EPSS Score      : 0.04%
EPSS Percentile : 9th percentile
  • Fix cves command when used to analyse a local file system with a markdown output

Contributors

@cdupuis @LaurentGoderre @eunomie

Assets 2