datatheorem
diff --git a/‎README.md‎
Lines changed: 76 additions & 9 deletions b/‎README.md‎
Lines changed: 76 additions & 9 deletions
diff --git a/‎action.yml‎
Lines changed: 16 additions & 1 deletion b/‎action.yml‎
Lines changed: 16 additions & 1 deletion
@@ -8,9 +8,12 @@ https://www.datatheorem.com/products/mobile-secure
 
 Enabling this integration requires a valid Data Theorem API key.
 
-## Set your Data Theorem upload API key as a secret:
-To find your Data Theorem API key, connect to https://www.securetheorem.com/mobile/sdlc/api_access using your Data Theorem account.'  
-Create an encrypted variable named `DT_UPLOAD_API_KEY` in your Github repository
+## Set your Data Theorem API keys as secrets:
+To find your Data Theorem API keys, go to https://www.securetheorem.com/devsecops/results_api_access using your Data Theorem account.
+
+Create encrypted variables in your Github repository:
+- `DT_UPLOAD_API_KEY` - Required for uploading binaries
+- `DT_RESULTS_API_KEY` - Required when using vulnerability blocking (BLOCK_ON_SEVERITY) or warnings (WARN_ON_SEVERITY)
 
 For more information, see [Github Encrypted secrets](https://docs.github.com/en/actions/reference/encrypted-secrets)
 
@@ -32,6 +35,67 @@ At this time, comments, release id, external id, and platform variant parameters
 
 If multiple files match the provided pattern, the same set of optional values will be sent with each file. 
 
+## Vulnerability Blocking and Warnings
+
+The action supports automatic build blocking and vulnerability warnings based on security findings.
+
+### `BLOCK_ON_SEVERITY`
+When `BLOCK_ON_SEVERITY` is specified, the action will:
+
+1. Wait for the scan to complete (up to 5 minutes)
+2. Check for security findings at or above the specified severity level
+3. Block the build if any vulnerabilities are found at the minimum severity threshold
+
+### `WARN_ON_SEVERITY`
+When `WARN_ON_SEVERITY` is specified, the action will:
+
+1. Wait for the scan to complete (up to 5 minutes)
+2. Check for security findings at or above the specified severity level
+3. Print warning messages if vulnerabilities are found, but continue the build
+
+**Important:** Both vulnerability blocking and warnings require a separate `DT_RESULTS_API_KEY` with results access permissions.
+
+### Severity Levels
+- `HIGH`: Block on high severity vulnerabilities only
+- `MEDIUM`: Block on medium and high severity vulnerabilities  
+- `LOW`: Block on all severity vulnerabilities (low, medium, high)
+
+### Example with Vulnerability Blocking
+```yaml
+- name: Upload to Data Theorem with blocking if high or medium vulnerabilities are found
+  uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1
+  with:
+    UPLOAD_BINARY_PATH: "./app/build/outputs/apk/debug/app-debug.apk"
+    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}
+    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}
+    BLOCK_ON_SEVERITY: "MEDIUM"
+```
+
+### Example with Vulnerability Warnings
+```yaml
+- name: Upload to Data Theorem with warnings for high severity vulnerabilities
+  uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1
+  with:
+    UPLOAD_BINARY_PATH: "./app/build/outputs/apk/debug/app-debug.apk"
+    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}
+    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}
+    WARN_ON_SEVERITY: "HIGH"
+```
+
+### Example with Both Blocking and Warnings
+```yaml
+- name: Upload to Data Theorem with blocking on high and warnings on medium vulnerabilities
+  uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1
+  with:
+    UPLOAD_BINARY_PATH: "./app/build/outputs/apk/debug/app-debug.apk"
+    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}
+    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}
+    BLOCK_ON_SEVERITY: "HIGH"
+    WARN_ON_SEVERITY: "MEDIUM"
+```
+
+**Note:** Both vulnerability blocking and warning features will cause the action to wait for scan completion before proceeding. This adds time to your build process but ensures security issues are caught before deployment.
+
 ## Sample usage
 
 ```yaml
@@ -46,22 +110,25 @@ jobs:
     name: Generate & Upload APK
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
-      - name: set up JDK 1.8
-        uses: actions/setup-java@v1
+      - uses: actions/checkout@v4
+      - name: set up JDK 17
+        uses: actions/setup-java@v4
         with:
-          java-version: 1.8
+          java-version: 17
       - name: Build debug APK
         run: bash ./gradlew assembleDebug
       - name: Upload to Data Theorem
-        uses: datatheorem/datatheorem-mobile-secure-action@v2.1.0
+        uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1
         with:
           UPLOAD_BINARY_PATH: "./app/build/outputs/apk/debug/app-debug.apk"
           DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}
+          DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}  # Required for vulnerability blocking
           USERNAME: "test_user"
           PASSWORD: ${{ secrets.DT_DAST_PASSWORD }}
           COMMENTS: "This is a pre-production build."
           RELEASE_ID: ${{ vars.GITHUB_RUN_NUMBER }}
           EXTERNAL_ID: "App_12230045"
+          BLOCK_ON_SEVERITY: "HIGH"  # Optional: Block build on high severity vulnerabilities
+          WARN_ON_SEVERITY: "MEDIUM"  # Optional: Warn on medium severity vulnerabilities
 
-```
+```
@@ -6,6 +6,9 @@ inputs:
   DT_UPLOAD_API_KEY:
     description: 'Data Theorem upload API key'
     required: true
+  DT_RESULTS_API_KEY:
+    description: 'Data Theorem results API key (required when BLOCK_ON_SEVERITY is used)'
+    required: false
   UPLOAD_BINARY_PATH:
     description: >
       Path to the app to upload.
@@ -49,8 +52,20 @@ inputs:
     description: >
       The external_id field represents your organization’s custom identifier for the app, if any.
     required: false
+  BLOCK_ON_SEVERITY:
+    description: >
+      Block the build if vulnerabilities with the specified minimum severity are found.
+      Valid values: HIGH, MEDIUM, LOW. If not specified, build will not be blocked.
+    required: false
+  WARN_ON_SEVERITY:
+    description: >
+      Print warning messages if vulnerabilities with the specified minimum severity are found.
+      This is a softer version of BLOCK_ON_SEVERITY that doesn't fail the build.
+      Valid values: HIGH, MEDIUM, LOW. If not specified, no warnings will be shown.
+      This requires a Data Theorem Mobile Results API Key to be set.
+    required: false
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'main.js'
 branding:
   color: 'blue'