You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Changed
Action metadata for the GitHub Marketplace. Renamed the action to Draugr Security Scan (a Marketplace name must be unique across all actions/users/orgs)
and shortened its description to meet the 125-character limit. No behavior or input change — uses: draugr-dev/draugr@… is unchanged.
Added
First-party GitHub Action. Add Draugr to CI and GitHub code scanning with uses: draugr-dev/draugr@vX.Y.Z — it downloads a cosign-verified Draugr release for the
runner, runs draugr scan against your Saga, and exposes the merged SARIF (sarif output)
for upload-sarif, so findings land as one clean Draugr tool in the Security tab.
Inputs cover saga, version, fail-on, fail-on-priority, min-priority, cache-dir, output, working-directory, and a raw-args escape hatch; the release signature is
cosign-verified by default. Draugr's own self-scan now dogfoods this action.