v2.2.2

What's Changed

• Avoid Grype DB downloads during subsequent invocations of grype scan-action by @saisatishkarra in #115
• chore(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #113
• add separate signature registry opts for image signing by @saisatishkarra in #116

Full Changelog: v2.2.1...v2.2.2

v2.2.1

What's Changed

• fix unnecessary extra inputs in sca action by @saisatishkarra in #112

Full Changelog: v2.2.0...v2.2.1

v2.2.0

What's Changed

• ci(.github): Add SLSA docker image provenance test workflow by @saisatishkarra in #102
• ci(.github): fix permissions for provenance test workflow by @saisatishkarra in #103
• chore(readme): Add usage examples to security actions by @saisatishkarra in #106
• chore(readme): Add vulnerability migration and breakglass strategy fo… by @saisatishkarra in #107
• github-actions(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in /security-actions/sign-docker-image by @dependabot in #108
• github-actions(deps): bump anchore/sbom-action from 0.15.8 to 0.15.10 in /security-actions/sca by @dependabot in #105
• github-actions(deps): bump docker/login-action from 3.0.0 to 3.1.0 in /security-actions/sign-docker-image by @dependabot in #101
• feat(sbom): option to publish sbom to tags / GH release assets by @saisatishkarra in #109
• github-actions(deps): bump anchore/sbom-action from 0.15.8 to 0.15.10 in /security-actions/scan-docker-image by @dependabot in #104
• add permissions and GH token needed for sbom releases by @saisatishkarra in #110

Full Changelog: v2.1.0...v2.2.0

v2.1.0

What's Changed

• update docker/login-action to v3.0.0 by @lahabana in #98
• ci(deps): bump cosign to v2.2.3 to avoid sigstore TUF invalid key issue by @saisatishkarra in #100

New Contributors

• @lahabana made their first contribution in #98

Full Changelog: v2.0.3...v2.1.0

v2.0.3

What's Changed

• ci(.github): deprecate reuse of sca scan action in docker image scan by @saisatishkarra in #95

Full Changelog: v2...v2.0.3

v2.0.2

What's Changed

• feat: Add optional "config" input to sca syft action by @saisatishkarra in #94

Full Changelog: v2...v2.0.2

v2.0.1

What's Changed

• ci(.github): fix sca action path and ref for image scan by @saisatishkarra in #93

Full Changelog: v2...v2.0.1

v2.0.0

What's Changed

• ci(.github): generalize sca scan for non docker artifacts by @saisatishkarra in #89
• github-actions(deps): bump anchore/scan-action from 3.6.0 to 3.6.4 in /security-actions/sca by @dependabot in #92
• github-actions(deps): bump andstor/file-existence-action from 2 to 3 in /security-actions/sca by @dependabot in #90
• github-actions(deps): bump anchore/sbom-action from 0.15.4 to 0.15.8 in /security-actions/sca by @dependabot in #91
• github-actions(deps): bump andstor/file-existence-action from 2 to 3 in /security-actions/scan-docker-image by @dependabot in #83

Breaking changes

• #89 (comment)

Full Changelog: v1.15.0...v2.0.0

v1.15.0

What's Changed

• github-actions(deps): bump anchore/scan-action from 3.5.0 to 3.6.0 in /security-actions/scan-docker-image by @dependabot in #78
• github-actions(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 in /security-actions/scan-docker-image by @dependabot in #77
• update download and upload action to v4 by @saisatishkarra in #79

Full Changelog: v1...v1.15.0

v1.14.0

Actions bumped:

Syft action bumped to v0.15.3
Grype action bumped to v3.5.0
upload-artifact from v3 to v4
checkout action from v3 to v4