Skip to content

Choose a tag to compare

@github-actions github-actions released this 16 Jul 03:13
d581be9

Changed

  • Action metadata for the GitHub Marketplace. Renamed the action to
    Draugr Security Scan (a Marketplace name must be unique across all actions/users/orgs)
    and shortened its description to meet the 125-character limit. No behavior or input change —
    uses: draugr-dev/draugr@… is unchanged.

Added

  • First-party GitHub Action. Add Draugr to CI and GitHub code scanning with
    uses: draugr-dev/draugr@vX.Y.Z — it downloads a cosign-verified Draugr release for the
    runner, runs draugr scan against your Saga, and exposes the merged SARIF (sarif output)
    for upload-sarif, so findings land as one clean Draugr tool in the Security tab.
    Inputs cover saga, version, fail-on, fail-on-priority, min-priority, cache-dir,
    output, working-directory, and a raw-args escape hatch; the release signature is
    cosign-verified by default. Draugr's own self-scan now dogfoods this action.