Socket Basics Security Scanner
Version updated for https://github.com/SocketDev/socket-basics to version v2.0.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by ? repositories.
Action Type
This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Socket Basics is a comprehensive security scanning GitHub Action that automates static application security testing (SAST), secrets detection, container scanning, and dependency analysis, consolidating results into a unified format. It simplifies security workflows by centralizing policy management through the Socket Dashboard and providing actionable pull request comments to streamline issue resolution. This tool enhances software supply chain security while offering seamless integration with GitHub Actions and other CI/CD environments.
Release notes
What’s Changed
🔧 Other Changes
- feat: 🐳 multi-stage Docker builds, immutable release pipeline, CHANGELOG automation by @lelia in https://github.com/SocketDev/socket-basics/pull/46
- fix(ci): add conventional commit prefixes to Dependabot config by @lelia in https://github.com/SocketDev/socket-basics/pull/53
- fix(ci): support breaking change indicator (!) in commit-lint pattern by @lelia in https://github.com/SocketDev/socket-basics/pull/54
- fix(ci): accept full tag name in workflow_dispatch, drop auto-v-prefix by @lelia in https://github.com/SocketDev/socket-basics/pull/55
- feat!: switch to pre-built GHCR images by @lelia in https://github.com/SocketDev/socket-basics/pull/48
Full Changelog: https://github.com/SocketDev/socket-basics/compare/1.1.3...v2.0.0