Updated examples with PR check and pinning to commit hashes

README.md

@@ -18,12 +18,18 @@ on:
 
 jobs:
   security-scan:
+    permissions:
+      issues: write
+      contents: read
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run Socket Basics
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
+        env:
+          GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           socket_security_api_key: ${{ secrets.SOCKET_SECURITY_API_KEY }}
@@ -106,7 +112,9 @@ Configure scanning policies, notification channels, and rule sets for your entir
 
 **Dashboard-Configured (Enterprise):**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
+  env:
+    GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_security_api_key: ${{ secrets.SOCKET_SECURITY_API_KEY }}
@@ -115,7 +123,9 @@ Configure scanning policies, notification channels, and rule sets for your entir
 
 **CLI-Configured:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
+  env:
+    GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     python_sast_enabled: 'true'
@@ -129,10 +139,10 @@ Configure scanning policies, notification channels, and rule sets for your entir
 
 ```bash
 # Build with version tag
-docker build -t socketdev/socket-basics:1.0.9 .
+docker build -t socketdev/socket-basics:1.0.10 .
 
 # Run scan
-docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.9 \
+docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.10 \
   --workspace /workspace \
   --python-sast-enabled \
   --secret-scanning-enabled \

docs/github-action.md

@@ -35,12 +35,11 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run Socket Basics
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
         env:
-          # Optional: Explicitly set PR number for guaranteed PR comments
           GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -79,7 +78,7 @@ Include these in your workflow's `jobs.<job_id>.permissions` section.
 
 **SAST (Static Analysis):**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     # Enable SAST for specific languages
@@ -93,7 +92,7 @@ Include these in your workflow's `jobs.<job_id>.permissions` section.
 
 **Secret Scanning:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     secret_scanning_enabled: 'true'
@@ -105,7 +104,7 @@ Include these in your workflow's `jobs.<job_id>.permissions` section.
 
 **Container Scanning:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     # Scan Docker images (auto-enables container scanning)
@@ -116,7 +115,7 @@ Include these in your workflow's `jobs.<job_id>.permissions` section.
 
 **Socket Tier 1 Reachability:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_tier_1_enabled: 'true'
@@ -125,7 +124,7 @@ Include these in your workflow's `jobs.<job_id>.permissions` section.
 ### Output Configuration
 
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     python_sast_enabled: 'true'
@@ -155,9 +154,8 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev
 
 **Enable in workflow:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   env:
-    # Optional: Explicitly set PR number for guaranteed PR comments
     GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -168,7 +166,7 @@ Configure Socket Basics centrally from the [Socket Dashboard](https://socket.dev
 
 > **Note:** You can also pass credentials using environment variables instead of the `with:` section:
 > ```yaml
-> - uses: SocketDev/socket-basics@1.0.9
+> - uses: SocketDev/socket-basics@1.0.10
 >   env:
 >     SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
 >   with:
@@ -186,7 +184,7 @@ All notification integrations require Socket Enterprise.
 
 **Slack Notifications:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_org: ${{ secrets.SOCKET_ORG }}
@@ -198,7 +196,7 @@ All notification integrations require Socket Enterprise.
 
 **Jira Issue Creation:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_org: ${{ secrets.SOCKET_ORG }}
@@ -213,7 +211,7 @@ All notification integrations require Socket Enterprise.
 
 **Microsoft Teams:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_org: ${{ secrets.SOCKET_ORG }}
@@ -225,7 +223,7 @@ All notification integrations require Socket Enterprise.
 
 **Generic Webhook:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_org: ${{ secrets.SOCKET_ORG }}
@@ -237,7 +235,7 @@ All notification integrations require Socket Enterprise.
 
 **SIEM Integration:**
 ```yaml
-- uses: SocketDev/socket-basics@1.0.9
+- uses: SocketDev/socket-basics@1.0.10
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     socket_org: ${{ secrets.SOCKET_ORG }}
@@ -258,6 +256,7 @@ All notification integrations require Socket Enterprise.
 name: Comprehensive Security Scan
 on:
   pull_request:
+    types: [opened, synchronize, reopened]
   push:
     branches: [main, develop]
 
@@ -269,12 +268,11 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run Socket Basics
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
         env:
-          # Optional: Explicitly set PR number for guaranteed PR comments
           GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -316,12 +314,11 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run Full Security Scan
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
         env:
-          # Optional: Explicitly set PR number for guaranteed PR comments
           GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -352,6 +349,8 @@ jobs:
 ```yaml
 name: Container Security
 on:
+  pull_request:
+    types: [opened, synchronize, reopened]
   push:
     branches: [main]
     paths:
@@ -366,15 +365,14 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Build Docker Image
-        run: docker build -t myapp:1.0.9:${{ github.sha }} .
+        run: docker build -t myapp:1.0.10:${{ github.sha }} .
 
       - name: Scan Container
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
         env:
-          # Optional: Explicitly set PR number for guaranteed PR comments
           GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -391,7 +389,9 @@ jobs:
 
 ```yaml
 name: Security Scan with Custom Rules
-on: [pull_request]
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
 
 jobs:
   security-scan:
@@ -401,12 +401,11 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run Socket Basics
-        uses: SocketDev/socket-basics@1.0.9
+        uses: SocketDev/socket-basics@1.0.10
         env:
-          # Optional: Explicitly set PR number for guaranteed PR comments
           GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -494,11 +493,11 @@ env:
 
 **Problem:** Scanner reports no files found.
 
-**Solution:** Ensure `actions/checkout@v4` runs before Socket Basics:
+**Solution:** Ensure `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` runs before Socket Basics:
 ```yaml
 steps:
-  - uses: actions/checkout@v4  # Must be first
-  - uses: SocketDev/socket-basics@1.0.9
+  - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - Must be first
+  - uses: SocketDev/socket-basics@1.0.10
 ```
 
 ### PR Comments Not Appearing