Version updated for https://github.com/advanced-security/component-detection-dependency-submission-action to version v0.1.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 203 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The Component Detection Dependency Submission GitHub Action automates the extraction and submission of project dependencies by leveraging the Microsoft Component Detection library. It uses static and dynamic scanning to generate a comprehensive dependency tree and uploads it to GitHub’s dependency graph via the dependency submission API.

Version updated for https://github.com/advanced-security/secret-scanning-review-action to version v2.2.2. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 60 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The “Secret Scanning Review Action” is a GitHub Action designed to enhance visibility and enforce security by identifying secret scanning alerts in pull requests. It automatically annotates files, summarizes detected secrets, and optionally fails status checks, ensuring that any introduced secrets are addressed before merging.

Version updated for https://github.com/advanced-security/secret-scanning-review-action to version v2.2.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 60 repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The Secret Scanning Review GitHub Action enhances security workflows by detecting and highlighting secrets introduced in pull requests through GitHub’s secret scanning alerts. It automates awareness and enforcement by adding annotations, optionally failing status checks, and summarizing detected secrets in pull request comments and summaries, ensuring reviewers address potential issues before merging.

Version updated for https://github.com/advanced-security/python-lint-code-scanning-action to version v1.1.3. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 353 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed Potential fix for code scanning alert no. 553: Log Injection by @aegilops in https://github.com/advanced-security/python-lint-code-scanning-action/pull/21 Potential fix for code scanning alert no. 556: Workflow does not contain permissions by @aegilops in https://github.com/advanced-security/python-lint-code-scanning-action/pull/22 Update lint_win.

Version updated for https://github.com/advanced-security/dependabot-epss-action to version v0.5. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed 🤖 Fixes #12 by @felickz in https://github.com/advanced-security/dependabot-epss-action/pull/13 fix: skip alerts w/o CVEs by @moop-moop in https://github.com/advanced-security/dependabot-epss-action/pull/15 New Contributors @moop-moop made their first contribution in https://github.com/advanced-security/dependabot-epss-action/pull/15 Full Changelog: https://github.com/advanced-security/dependabot-epss-action/compare/v0...v0.5

Version updated for https://github.com/advanced-security/policy-as-code to version v2.11.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 54 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed Update and Vendor Deps by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/173 fix(policy): Update violation remediation logic and enhance tests by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/175 feat(version): v2.11.1 by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/176 Full Changelog: https://github.com/advanced-security/policy-as-code/compare/v2.11.0...v2.11.1

Version updated for https://github.com/advanced-security/generate-sbom-action to version v1.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 24 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes This update just updated dependencies and closes security vulnerabilities.

Version updated for https://github.com/advanced-security/policy-as-code to version v2.11.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 54 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed feat(dependencies): update ghastoolkit to version 0.17.4 by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/169 Update GHASToolkit by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/171 feat(version): v2.11.0 by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/172 Full Changelog: https://github.com/advanced-security/policy-as-code/compare/v2.10.1...v2.11.0

Version updated for https://github.com/advanced-security/maven-dependency-submission-action to version v5.0.0. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 35,404 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes Improved multi-module support This release improves multi-module support by reflecting which pom.xml file brings in a particular dependency. Previously, the dependencies were aggregated into the top-level pom.xml file. If a given package is brought in via multiple modules, that package will be reflected in all of the modules that reference it.

Version updated for https://github.com/advanced-security/maven-dependency-submission-action to version v4.1.3. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 35,335 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes The release bumps dependency versions to stay up-to-date.

Version updated for https://github.com/advanced-security/maven-dependency-submission-action to version v4.1.2. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 35,329 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed Add cycle safety for transitive dependencies by @juxtin in https://github.com/advanced-security/maven-dependency-submission-action/pull/103 New Contributors @juxtin made their first contribution in https://github.com/advanced-security/maven-dependency-submission-action/pull/103 Full Changelog: https://github.com/advanced-security/maven-dependency-submission-action/compare/v4...v4.1.2

Version updated for https://github.com/advanced-security/policy-as-code to version v2.10.1. This publisher is shown as ‘verified’ by GitHub. This action is used across all versions by 54 repositories. Go to the GitHub Marketplace to find the latest changes. Release notes What’s Changed Small fixes by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/167 feat(version): v2.10.1 by @GeekMasher in https://github.com/advanced-security/policy-as-code/pull/168 Full Changelog: https://github.com/advanced-security/policy-as-code/compare/v2.10.0...v2.10.1