v3.0: The Security Shield 🛡️

rahuldass19 released this 28 Jan 15:56

The biggest Action update yet! QWED v3.0 transforms from an LLM verification tool into a full CI/CD security platform.

✨ What's New

πŸ” Secret Scanning

Scan your repo for leaked API keys, tokens, and credentials.

- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-secrets
    paths: "**/*.env,**/*.json"

Detects: OpenAI keys, AWS credentials, GitHub tokens, Stripe keys, PEM files, JWTs, and more.


πŸ›‘οΈ Code Security Analysis
Batch scan Python files for dangerous patterns.

- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-code
    paths: "**/*.py"

Detects: eval(), exec(), subprocess, os.system, dangerous imports.
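
What an AST-based check for the patterns listed above can look like, as an added example that is not QWED's own implementation. `scan_source`, the rule labels and the sample input are constructed for illustration, and only `subprocess` is treated as a dangerous import because the page does not enumerate that list.

```python
import ast

# Names taken from the "Detects" list above; the import list is an assumption.
DANGEROUS_CALLS = {"eval", "exec", "os.system"}
DANGEROUS_MODULES = {"subprocess"}


def dotted_name(node):
    """Return 'a.b.c' for Name/Attribute chains, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, filename="<constructed>"):
    """Return sorted (line, rule) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name and (name in DANGEROUS_CALLS
                         or name.split(".")[0] in DANGEROUS_MODULES):
                findings.append((node.lineno, f"call:{name}"))
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in DANGEROUS_MODULES:
                    findings.append((node.lineno, f"import:{alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in DANGEROUS_MODULES:
                findings.append((node.lineno, f"import:{node.module}"))
    return sorted(findings)


# Constructed sample input, not taken from any real repository.
# It is only parsed, never executed.
SAMPLE = '''import os
import subprocess
note = "eval(x) inside a string is not a call"
os.system("ls " + user_dir)
result = eval(expr)
subprocess.run(cmd, shell=True)
'''
```

Because the check walks the syntax tree, the `eval(` inside the string literal on line 3 of the sample is not reported, which a plain text match would flag. Aliased imports such as `from os import system` are not resolved by this sketch.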


💻 Shell Script Linting
Lint shell scripts for RCE patterns before deployment.

- uses: QWED-AI/qwed-verification@v3
  with:
    action: verify-shell
    paths: "**/*.sh"

Blocks: rm -rf /, curl|bash, path traversal, command substitution.


📊 SARIF Output (GitHub Security Tab)
Integrate directly with GitHub's Security tab.

- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-code
    output_format: sarif
- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: qwed-results.sarif

πŸ… Badge Output
Generate a verified badge URL for your README.


🎯 Full Example Workflow

name: QWED Security Scan
on: [push, pull_request]

jobs:
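  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # upload-sarif needs this to publish results to the Security tab
      security-events: write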
    steps:
      - uses: actions/checkout@v4
      
      - name: Scan for secrets
        uses: QWED-AI/qwed-verification@v3
        with:
          action: scan-secrets
      
      - name: Scan Python code
        uses: QWED-AI/qwed-verification@v3
        with:
          action: scan-code
          output_format: sarif
      
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: qwed-results.sarif

Full Changelog: v2.4.1...v3.0