Below you will find pages that utilize the taxonomy term “Lucashgrifoni”
July 3, 2026
OSS Security Policy as Code
Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v10.0.0.
This action is used across all versions by 1 repository.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
OSS Security Policy as Code Starter Kit v10.0.0
The normalized-findings major (ADR-030). The kit now correlates the scanner evidence it already composes — six kit evidence JSONs plus four external SARIF drops — into one deduplicated, KEV/EPSS-ranked finding view, delivered as a new versioned artifact and a new command. Stateless by design: one clone-only run, no database, no state between runs, no network.
July 2, 2026
OSS Security Policy as Code
Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v9.0.3.
This action is used across all versions by 1 repository.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
OSS Security Policy as Code Starter Kit v9.0.3
This release is the v9.0.3 release of the OSS Security Policy as Code Starter Kit (refine this line before publishing).

Highlights
No feature-level changes in this release.

Improvements
- retitle SAST-OSV-068 — the kit ingests OSV verdicts, it is not reachability-aware
- honor SOURCE_DATE_EPOCH for every outcome-affecting clock read; freeze the suite clock
- formalize SELF_ATTESTED in the published reports/2.0 schema (9.0.3)
- build Gemara state maps from pairs to clear a Snyk Code false positive

Notes
- release 9.0.3 (#110)
- ADR-030 amendment re-grounding the v10.0.0 surface; flip ADR-021 to accepted
- suppress reviewed Snyk Code false positive via .snyk; keep the gate strict
- make Snyk Code + Snyk Open Source advisory (continue-on-error)

License: Apache-2.0.