Below you will find pages that utilize the taxonomy term “Xdun1698”
July 1, 2026
RepoScope Security scanning + AI-code provenance
Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.4.
This action is used across all versions by ? repositories.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
Scan your codebase for security vulnerabilities and AI-code provenance on every push and pull request — inline PR comments, a build-gating security score, and a shareable HTML report.

New in 1.0.4
- Listing name updated to “RepoScope Security scanning + AI-code provenance”.

What it does
- 30 security detectors across 14 languages — secrets, SQL injection, XSS, command injection, TLS misconfigurations, permissive CORS, and weak crypto.
- AI-code provenance — flags which scanned files are attributed to AI coding tools (Copilot, Cursor, Claude, Codeium, Windsurf, Aider, Devin) in git history, and writes a machine-readable provenance.json record. Local and deterministic — no network, no LLM.
- Inline PR review comments — one per finding: file, line, severity badge, CWE ID, and a fix hint.
- GitHub Check run — PASS/FAIL against your score threshold, with annotations.
- HTML report artifact + build gating (fail-on, threshold) + # reposcope-ignore: suppression.

Quickstart

    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - uses: xdun1698/reposcope-action@v1
      with:
        token: ${{ secrets.GITHUB_TOKEN }}

Source: https://github.com/xdun1698/reposcope-action · Website: https://reposcope.app
July 1, 2026
RepoScope Security & Compliance Scanner
Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.0.
This action is used across all versions by ? repositories.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
RepoScope Security & Compliance Scanner v1.0.0
First public release — run RepoScope’s scanner in CI to catch security issues and generate audit-ready compliance evidence on every push and pull request.

What’s included
- 44 security detectors across 14 languages — hardcoded secrets, SQL injection, XSS, command injection, TLS misconfigs, weak crypto, permissive CORS
- Inline PR review comments — one per finding with file, line, severity, CWE ID, and fix hint
- GitHub Check run — PASS/FAIL with a configurable score threshold and annotations on high/critical findings
- Compliance report artifact — HTML report mapping findings to OWASP Top 10, SOC 2 Type II, PCI-DSS v4.0, EU AI Act Article 12, and ISO/IEC 42001
- Configurable build gate — fail-on severity and score threshold
- Inline suppression via reposcope-ignore comments

Setup instructions and all inputs/outputs are in the README.