Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
0.6.7 (2026-03-31)
Security Tools
- deps: bump bridgecrewio/checkov-action (#69) (82abbf0)
- deps: bump github/codeql-action (#67) (912db1d)
- deps: bump github/codeql-action (#68) (86fb109)
- deps: bump github/codeql-action (#70) (5faa480)
- deps: bump github/codeql-action (#71) (36b607e)
- deps: bump github/codeql-action (#72) (f0cba4a)
- deps: bump github/codeql-action (#73) (a955f66)
- deps: bump github/codeql-action (#76) (58e050a)
- deps: bump github/codeql-action in /.github/actions/scanner-osv (#75) (573ef18)
Dependencies
- deps: bump @j-ulrich/release-it-regex-bumper from 5.3.1 to 5.4.0 (#64) (5120640)
- deps: bump conventional-changelog-conventionalcommits (#65) (3c98b18)
- deps: bump google/osv-scanner-action (#74) (b3ffb9c)
- deps: bump the github-actions-major group across 1 directory with 2 updates (#66) (ac15423)
0.6.6 (2026-03-30)
Bug Fixes
0.6.5 (2026-03-25)
Bug Fixes
- ai-summary: resolve gh api --arg flag error in run lookup (d395621)
0.6.4 (2026-03-22)
Continuous Integration
- pin all external GitHub Actions to commit SHAs (8bb7a67)
0.6.3 (2026-03-21)
Documentation
- fix incorrect workflow references and broken example links (7e7b40e)
0.6.2 (2026-03-21)
Security Tools
- deps: bump anchore/sbom-action (#51) (3d7b538)
- deps: bump anchore/sbom-action in /.github/actions/scanner-syft (#53) (c0b1a12)
- deps: bump aquasecurity/setup-trivy (#54) (0a5d093)
- deps: bump aquasecurity/trivy-action (#52) (539da06)
- deps: bump bridgecrewio/checkov-action (#50) (6cc7c88)
Dependencies
- deps: bump the github-actions-major group across 27 directories with 9 updates (d868a7d)
Continuous Integration
- deps: update dependabot configuration to support multiple directories for GitHub Actions (91a89cb)
0.6.1 (2026-03-16)
Bug Fixes
- docs: run mike from repo root where .git exists (cc4155d)
0.6.0 (2026-03-16)
Features
- ai-summary: add AI-powered executive security summary action (aa9e3da)
Bug Fixes
- ai-summary: address PR review comments (88321c4)
- release: add release-it-ignore inline marker for version ref checker (0c31410)
Dependencies
- deps: bump @commitlint/cli from 20.4.3 to 20.5.0 (#41) (fac7497)
- deps: bump @commitlint/config-conventional from 20.4.3 to 20.5.0 (#43) (960218b)
- deps: bump @release-it/conventional-changelog (#42) (64c744f)
- deps: bump actions/download-artifact (#44) (a9b99b3)
Maintenance
- aicac: disable TOON migration suggestions (730744f)
Documentation
- add auto-generated MkDocs documentation site (74504f0)
- add versioned docs with mike (9d976ee)
- refactor docsite into modular package with dynamic config (82dc79a)
Tests
- docsite: add comprehensive tests for docsite package (715e9f7)
- docsite: add tests for diagrams and pages modules (02bf410)
0.5.0 (2026-03-13)
Features
- bandit: add bandit_config_file input for custom configuration (1d17613)
- dependencies: add OSV and dependency-review scanners (77e6514)
Bug Fixes
- bandit: add bandit_config_file passthrough to reusable workflows (e0317db)
- ci: add issues:write permission to AICaC workflow (83d694a)
- clamav: add path traversal protection to archive extraction (45103de)
- dependencies: use collapsible details in summaries and add config_file input (27ffade)
- osv: add config_file to exclude vulnerable test fixtures (e0242a7)
- release-it: skip release_output.txt in version ref checker (f12076b)
Maintenance
- release-it: add version reference coverage checker and consolidate config (795c09a)
- release-it: use stdlib Path.glob for version ref coverage checker (1b32408)
- reusable-security-hardening: temp use of feature branch for e2e tests (f5964ee)
- scanner-bandit: temp use feature branch for e2e tests (2b1bf8f)
Styles
- release-it: fix shellcheck SC2005 in release-preview workflow (b33ab55)
Code Refactoring
- scanner-osv: use official google/osv-scanner-action Docker image (eee381e)
Tests
- dependencies: boost patch coverage to 98-99% for new scanners (e7a8448)
- e2e: add dependency scanner E2E jobs to test-actions.yml (8a48688)
0.4.3 (2026-03-11)
Dependencies
- deps: bump eFAILution/AICaC from 0.1.1 to 0.3.0 (#36) (b4542bc)
- deps: bump the github-actions-major group with 3 updates (a00113d)
0.4.2 (2026-03-05)
Bug Fixes
- ci: add packages:read permission for nested reusable workflow jobs (f4494d7)
Tests
0.4.1 (2026-03-04)
Bug Fixes
- scanner-container: detect and report scan failures instead of silent pass (86fde1b), closes #18
- scanner-container: replace raw error dump with concise status and job log link (7195a5a), closes #18
- scanner-container: use python json.dumps for marker files and add text-based fallback (15afce0)
- security-summary: include CodeQL language-suffixed summaries in PR comment (4b36097), closes #15
- workflows: resolve all shellcheck findings across CI workflows (e61d47a)
Code Refactoring
- scanner-container: simplify error detection and CVE collection (6a3c18e)
Continuous Integration
- workflows: add linting for GitHub Actions workflows (6249813)
0.4.0 (2026-02-26)
Features
- scn-detector: expand FedRAMP Low profile for NIST SP 800-53 Rev 5 and FedRAMP 20X (7e88f98)
Code Refactoring
- deps: remove Docker package ecosystem configuration from Dependabot (d4023e9)
0.3.0 (2026-02-24)
Features
Dependencies
- deps: bump @commitlint/cli from 20.4.1 to 20.4.2 (#12) (6cd8d81)
- deps: bump @commitlint/config-conventional from 20.4.1 to 20.4.2 (#13) (4c7a435)
Code Refactoring
- schemas: co-locate JSON schemas with their actions (419ac12)
0.2.2 (2026-02-17)
Bug Fixes
- container-scan-from-config: actions ref not being updated on new releases (bb13006)
0.2.1 (2026-02-17)
Documentation
- add permissions reqs in docstrings and example configs (9d49319)
- readme: update codecov token (9efce2c)
Code Refactoring
- migrate config-driven workflows to composite actions and rename to argus (a32007d)
Tests
- test-actions: update container images to use Anchore's Syft in workflows (47084d1)
0.2.0 (2026-02-17)
Features
- introducing Argus (b5f2fc7)
Dependencies
- deps: bump eFAILution/AICaC from 0.1.0 to 0.1.1 (#2) (2fb9c05)
- deps: bump the github-actions-major group with 5 updates (a939b51)
Documentation
- update AICaC badge to reflect Comprehensive compliance (79af287)