chore(main): release 1.5.1

CHANGELOG.md

@@ -1,5 +1,102 @@
 # Changelog
 
+## [1.5.1](https://github.com/jmadhur87/github-action/compare/v3.1.1...v1.5.1) (2026-05-25)
+
+
+### ⚠ BREAKING CHANGES
+
+* `fortify/github-action/setup`: Now uses `@fortify/setup` NPM component instead of GitHub-specific implementation, resulting in changes to supported action inputs and environment variables
+* `fortify/github-action`: Now uses `fcli action run ci` instead of GitHub-specific scripts, resulting in changes to supported action inputs and environment variables
+* `fortify/github-action/*`: All sub-actions except for the `setup` action have been removed; use the top-level `fortify/github-action` to run a full AST scan pipeline, or use the `setup` action in combination with `fcli` commands or actions to implement custom workflows
+* Upgrade fcli to v3.4.1
+* Removed `SC_SAST_LOGIN_EXTRA_OPTS`
+* `EXTRA_SC_SAST_SCAN_OPTS` may need to be updated according to new `fcli sc-sast scan start` syntax
+* Any custom fcli actions referenced in `*_ACTION` inputs will need to be migrated to fcli 3.x action syntax
+
+### Features
+
+* `EXTRA_SC_SAST_SCAN_OPTS` may need to be updated according to new `fcli sc-sast scan start` syntax ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* `fortify/github-action/*`: All sub-actions except for the `setup` action have been removed; use the top-level `fortify/github-action` to run a full AST scan pipeline, or use the `setup` action in combination with `fcli` commands or actions to implement custom workflows ([899cd9b](https://github.com/jmadhur87/github-action/commit/899cd9b608be9c835b3943bc58ac92020608eae4))
+* `fortify/github-action/setup`: Now uses `@fortify/setup` NPM component instead of GitHub-specific implementation, resulting in changes to supported action inputs and environment variables ([899cd9b](https://github.com/jmadhur87/github-action/commit/899cd9b608be9c835b3943bc58ac92020608eae4))
+* `fortify/github-action`: Now uses `fcli action run ci` instead of GitHub-specific scripts, resulting in changes to supported action inputs and environment variables ([899cd9b](https://github.com/jmadhur87/github-action/commit/899cd9b608be9c835b3943bc58ac92020608eae4))
+* `SC_SAST_SENSOR_VERSION` is now optional ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* Ability to override tool versions (resolves [#50](https://github.com/jmadhur87/github-action/issues/50)) ([121db14](https://github.com/jmadhur87/github-action/commit/121db14484d13d1b47f7e3e39a91d2f0c2830f40))
+* Add `DO_POLICY_CHECK` and related inputs to enable policy checks after scan completion ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Add `DO_PR_COMMENT` and related inputs to enable Pull Request comment generation ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Add `DO_SETUP` and related inputs to enable application version/release creation/setup ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Add `EXPORT_ACTION` and `EXPORT_EXTRA_OPTS` inputs to allow for export customization ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Add `fortify/github-action/with-ghes-artifacts` sub-action to upload CI workflow debug artifacts to GitHub Enterprise Server artifact storage ([15c59a7](https://github.com/jmadhur87/github-action/commit/15c59a785645801d7830cc6e25f57f87e25659e0))
+* Add `fortify/github-action/with-github-artifacts` sub-action to upload CI workflow debug artifacts to github.com artifact storage (same as top-level `fortify/github-action`) ([15c59a7](https://github.com/jmadhur87/github-action/commit/15c59a785645801d7830cc6e25f57f87e25659e0))
+* Add `fortify/github-action/without-artifacts` sub-action that doesn't upload CI workflow debug artifacts, allowing users to upload debug artifacts to a custom storage provider ([15c59a7](https://github.com/jmadhur87/github-action/commit/15c59a785645801d7830cc6e25f57f87e25659e0))
+* Add ability to run and import Debricked scans into SSC (closes [#41](https://github.com/jmadhur87/github-action/issues/41)) ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Add support for Debricked CLI on fortify/github-action/setup ([2c7c1e7](https://github.com/jmadhur87/github-action/commit/2c7c1e703af0d7b0f56adf456bf8fa019a51f72a))
+* Add support for fcli 2.1.0 ([7aafc0e](https://github.com/jmadhur87/github-action/commit/7aafc0e7f3ab68a3e2cc010a570981ac38afb5b8))
+* Add support for updateable/customizable tool definitions ([2c7c1e7](https://github.com/jmadhur87/github-action/commit/2c7c1e703af0d7b0f56adf456bf8fa019a51f72a))
+* Any custom fcli actions referenced in `*_ACTION` inputs will need to be migrated to fcli 3.x action syntax ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* FoD: Add support for creating application through `DO_SETUP` ([2d91e3c](https://github.com/jmadhur87/github-action/commit/2d91e3c5c405391e5ee2cfe725a77b0ded38dcd0))
+* FoD: Automatically set `--app-owner` if `FOD_USER` is configured ([345ddda](https://github.com/jmadhur87/github-action/commit/345ddda04de863b34e9566df5ea088f5872eeef4))
+* FoD: Improve handling of `--copy-from` option in `SETUP_EXTRA_OPTS` ([2d91e3c](https://github.com/jmadhur87/github-action/commit/2d91e3c5c405391e5ee2cfe725a77b0ded38dcd0))
+* Major documentation usability improvements ([22ea8e9](https://github.com/jmadhur87/github-action/commit/22ea8e9ef9edb24e364d1dc66230649726ad450c))
+* Removed `SC_SAST_LOGIN_EXTRA_OPTS` ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* SC-SAST: Add support for passing scan arguments through `SC_SAST_SCAN_EXTRA_OPTS` ([1bb5d5b](https://github.com/jmadhur87/github-action/commit/1bb5d5b6b23f8b432db8ff43a04ba58c8477ff51))
+* Simplify setup of Debricked scans on FoD ([7c25788](https://github.com/jmadhur87/github-action/commit/7c25788b4c57582d2039d70a1ad9aeb228e34c6c))
+* Update Debricked CLI 2.5.1->2.6.4 ([222ec90](https://github.com/jmadhur87/github-action/commit/222ec9048301eeb76511ec95b6c7aa07a60f3b07))
+* Update fcli 2.11.1->2.12.2 ([222ec90](https://github.com/jmadhur87/github-action/commit/222ec9048301eeb76511ec95b6c7aa07a60f3b07))
+* Update fcli to 2.9.0 ([2d91e3c](https://github.com/jmadhur87/github-action/commit/2d91e3c5c405391e5ee2cfe725a77b0ded38dcd0))
+* Update fcli to 3.13.1 ([603d05a](https://github.com/jmadhur87/github-action/commit/603d05aa10cfab9f642fc7ed6a76372789a6471a))
+* Update fcli to 3.6.0 ([4822149](https://github.com/jmadhur87/github-action/commit/4822149a8a15ae2a1e47e80b096590e8d30fa056))
+* Update ScanCentral Client to 24.4.0 ([f3246ac](https://github.com/jmadhur87/github-action/commit/f3246ac1d35a20a34df0a2d404479f1fabeae574))
+* Update ScanCentral Client to 25.2.0 ([4822149](https://github.com/jmadhur87/github-action/commit/4822149a8a15ae2a1e47e80b096590e8d30fa056))
+* Update ScanCentral Client to 25.4.0 ([603d05a](https://github.com/jmadhur87/github-action/commit/603d05aa10cfab9f642fc7ed6a76372789a6471a))
+* Upgrade fcli to v3.4.1 ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* Use fcli instead of FortifyVulnerabilityExporter for vulnerability export (closes [#37](https://github.com/jmadhur87/github-action/issues/37)) ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+
+
+### Bug Fixes
+
+* `DO_PR_COMMENT`: Use `GITHUB_API_URL` environment variable instead of hardcoded api.github.com to avoid failure on GitHub Enterprise ([a804808](https://github.com/jmadhur87/github-action/commit/a804808adae91155d7a6d272fc0fc727d99c715f))
+* `fcli ssc action run appversion-summary`: Add note about removed issue count ([4a8f3f3](https://github.com/jmadhur87/github-action/commit/4a8f3f320f4fea2a2ea24d3d4018dbc8985026a0))
+* `fcli ssc action run appversion-summary`: Fix exception if application version has artifacts with 0 issues ([4a8f3f3](https://github.com/jmadhur87/github-action/commit/4a8f3f320f4fea2a2ea24d3d4018dbc8985026a0))
+* Add `DO_PACKAGE_DEBUG` setting to enable debug logging and publish package.zip & logs as job artifacts ([29b093c](https://github.com/jmadhur87/github-action/commit/29b093c0698c5be532f37c4d5160542cb6692891))
+* Allow tool artifacts to be extracted on older PowerShell versions (work-around for https://github.com/actions/toolkit/issues/1179) ([6375519](https://github.com/jmadhur87/github-action/commit/6375519eb64590a413c417f4860be2f0d558197f))
+* Configure static scan on `DO_SETUP` if needed ([9d54346](https://github.com/jmadhur87/github-action/commit/9d543461f910f6408e354456d376e38cb219e1ab))
+* Deprecate EXTRA_*_OPTS variables; these are replaced by *_EXTRA_OPTS variables for consistency ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Documentation: Add `DO_WAIT` to applicable FoD sample snippets ([74febec](https://github.com/jmadhur87/github-action/commit/74febec0828d596de142c879d9766d6cc9be69db))
+* Documentation: Update action references to `v2` ([4822149](https://github.com/jmadhur87/github-action/commit/4822149a8a15ae2a1e47e80b096590e8d30fa056))
+* Fix default values for app/version/release ([4ccc5d9](https://github.com/jmadhur87/github-action/commit/4ccc5d9cf86ac7ca0cbf4329b4bf9368b3bb4199))
+* Fix documentation on ScanCentral SAST inputs (fixes [#23](https://github.com/jmadhur87/github-action/issues/23)) ([3a20c7c](https://github.com/jmadhur87/github-action/commit/3a20c7c27810a16129a63b2d7b244072f673d73a))
+* Fix failed 1.5.0 release ([59a2d07](https://github.com/jmadhur87/github-action/commit/59a2d07218bbf90236de8e89cb2883584612e618))
+* Fix potential source file path inconsistencies in SAST security report (see https://github.com/fortify/fcli/issues/749) ([cc61a88](https://github.com/jmadhur87/github-action/commit/cc61a887416d048428bb8a2ae6b157c2da83f36f))
+* Fix ScanCentral SAST documentation link to point to right version ([3b5cd8b](https://github.com/jmadhur87/github-action/commit/3b5cd8bc279d25264d4afbc9a66f9b26144e68f9))
+* FoD: Use `Development` as default value for `--sdlc-status` in `SETUP_EXTRA_OPTS` ([1bb5d5b](https://github.com/jmadhur87/github-action/commit/1bb5d5b6b23f8b432db8ff43a04ba58c8477ff51))
+* FoD: Wait for new release to leave suspended state before attempting to start a scan ([1bb5d5b](https://github.com/jmadhur87/github-action/commit/1bb5d5b6b23f8b432db8ff43a04ba58c8477ff51))
+* Improve FoD `SETUP_EXTRA_OPTS` documentation ([9d54346](https://github.com/jmadhur87/github-action/commit/9d543461f910f6408e354456d376e38cb219e1ab))
+* Improve parsing of boolean flags in `*_EXTRA_OPTS` ([2d91e3c](https://github.com/jmadhur87/github-action/commit/2d91e3c5c405391e5ee2cfe725a77b0ded38dcd0))
+* Install Java version as required by ScanCentral Client (closes [#10](https://github.com/jmadhur87/github-action/issues/10)) ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Minor documentation fix ([434e78d](https://github.com/jmadhur87/github-action/commit/434e78d2dcd675cf2b62a929755beaf37732886b))
+* Partial fix to use proper sub-action versions ([7272d0d](https://github.com/jmadhur87/github-action/commit/7272d0d5a7fa67ba3a2eed960818c40f1667e8ab))
+* Properly handle app/release/version names containing spaces ([c04ac28](https://github.com/jmadhur87/github-action/commit/c04ac28398685799fb76a7b02acbcb18af034231))
+* Update `FOD_RELEASE`/`SSC_APPVERSION` documentation with correct default values (fixes [#43](https://github.com/jmadhur87/github-action/issues/43)) ([6ee342d](https://github.com/jmadhur87/github-action/commit/6ee342da2f7ce5c98c8fa19b1fbeed461fbda260))
+* Update Debricked CLI to 2.1.7 ([2d91e3c](https://github.com/jmadhur87/github-action/commit/2d91e3c5c405391e5ee2cfe725a77b0ded38dcd0))
+* Update Debricked CLI to 2.4.0 ([9d54346](https://github.com/jmadhur87/github-action/commit/9d543461f910f6408e354456d376e38cb219e1ab))
+* Update dependencies ([8499a16](https://github.com/jmadhur87/github-action/commit/8499a16f4288e9536889f2a74f4421bab20c3554))
+* Update fcli to 2.1.0 ([9d54346](https://github.com/jmadhur87/github-action/commit/9d543461f910f6408e354456d376e38cb219e1ab))
+* Update fcli to 2.9.1 ([4a8f3f3](https://github.com/jmadhur87/github-action/commit/4a8f3f320f4fea2a2ea24d3d4018dbc8985026a0))
+* Update internal fcli version to honor GitHub proxy settings ([3b5cd8b](https://github.com/jmadhur87/github-action/commit/3b5cd8bc279d25264d4afbc9a66f9b26144e68f9))
+* Update references from fortify-ps/github-action to fortify/github-action ([19d7892](https://github.com/jmadhur87/github-action/commit/19d7892bbbd3bc1c1a1e11ba8dbb1c632c4dcfcf))
+* Update ScanCentral Client 24.4.0->24.4.1 ([222ec90](https://github.com/jmadhur87/github-action/commit/222ec9048301eeb76511ec95b6c7aa07a60f3b07))
+* Update setup action to Node.js 24 ([7afe7f3](https://github.com/jmadhur87/github-action/commit/7afe7f36df6ced6eedf94c28120c2fafcfd51f30))
+* Update to fcli 2.7.1 to fix FoD job summary exception ([6e269a5](https://github.com/jmadhur87/github-action/commit/6e269a5ff311a92d2fc4e83b6eb75c7863b8de69))
+* Upgrade Debricked CLI to v2.6.7 ([63455f2](https://github.com/jmadhur87/github-action/commit/63455f2b62ca4e61d4e76a5a34ce26175b83f389))
+* Use `github/codeql-action/upload-sarif@v3` to remove deprecation warning ([15bc159](https://github.com/jmadhur87/github-action/commit/15bc159ac31679d18a88e6de1f1c2b4637236067))
+* Use proper branch names / versions for sub-action invocations ([d4eb955](https://github.com/jmadhur87/github-action/commit/d4eb955478b251aa76d6c81a29d09db090387bde))
+
+
+### Miscellaneous Chores
+
+* release 1.0.0 ([f68df5c](https://github.com/jmadhur87/github-action/commit/f68df5c9649fc61016ecdab8ce30f351d9090aef))
+* release 1.5.1 ([d4a449d](https://github.com/jmadhur87/github-action/commit/d4a449d5f4e50f801d4dfc141d1674dabd8e3370))
+
 ## [3.1.1](https://github.com/fortify/github-action/compare/v3.1.0...v3.1.1) (2026-05-15)
 
 

action.yml

@@ -18,7 +18,7 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: fortify/github-action/with-github-artifacts@main
+    - uses: fortify/github-action/with-github-artifacts@v1.5.1
       with:
         debug: ${{ inputs.debug }}
         debug-artifact-name: ${{ inputs.debug-artifact-name }}

version.txt

@@ -1 +1 @@
-3.1.1
+1.5.1

with-ghes-artifacts/action.yml

@@ -20,7 +20,7 @@ runs:
   steps:
     - name: Run Fortify AST Scan
       id: run_ast_scan
-      uses: fortify/github-action/without-artifacts@main
+      uses: fortify/github-action/without-artifacts@v1.5.1
       with:
         debug: ${{ inputs.debug }}
 

with-github-artifacts/action.yml

@@ -20,7 +20,7 @@ runs:
   steps:
     - name: Run Fortify AST Scan
       id: run_ast_scan
-      uses: fortify/github-action/without-artifacts@main
+      uses: fortify/github-action/without-artifacts@v1.5.1
       with:
         debug: ${{ inputs.debug }}
 

without-artifacts/action.yml

@@ -19,7 +19,7 @@ runs:
     - name: Set Fortify data directory
       run: echo "FORTIFY_DATA_DIR=${{ runner.temp }}/fortify-data" >> $GITHUB_ENV
       shell: bash
-    - uses: fortify/github-action/setup@main
+    - uses: fortify/github-action/setup@v1.5.1
       with:
         fcli: bootstrapped
         export-path: false