Version updated for https://github.com/fluidattacks/sast-action to version 1.2.0. This action is used across all versions by 2 repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The Fluid Attacks SAST GitHub Action is a free, open-source tool for static application security testing (SAST) that automates code analysis in repositories without requiring accounts or API keys. It detects vulnerabilities by performing either full scans or differential scans (analyzing only changed files) based on the context of pushes, pull requests, or schedules, optimizing security checks while maintaining CI efficiency. Results are generated in SARIF format, which can be reviewed locally or integrated with GitHub’s Security tab for enhanced visibility and tracking of code scanning alerts.

Version updated for https://github.com/fluidattacks/secret-scan-action to version 0.0.2. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The Fluid Attacks Secrets Scan GitHub Action is a free, open-source tool designed to automatically detect hardcoded secrets in your repository. It streamlines the process of identifying sensitive information such as API keys or passwords by performing full repository scans or targeted differential scans on code changes, with results integrated into GitHub’s Security tab and pull request annotations. This action requires no additional accounts, API keys, or configurations, making it a straightforward solution for enhancing code security.

Version updated for https://github.com/fluidattacks/secret-scan-action to version 0.0.1. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The Fluid Attacks SECRET SCANNER GitHub Action is an open-source tool designed to automatically detect hardcoded secrets (e.g., API keys, passwords) in your GitHub repository. It streamlines the process of identifying and reporting security vulnerabilities by scanning the entire repository or analyzing changes in pull requests and non-default branches, with results integrated into GitHub’s Security tab and pull request annotations. This action eliminates the need for external accounts, tokens, or API keys, providing a simple, efficient solution for maintaining repository security.