# v3.0: The Security Shield 🛡️

The biggest Action update yet! QWED v3.0 transforms from an LLM verification tool into a full CI/CD security platform.

## ✨ What's New
### Secret Scanning

Scan your repo for leaked API keys, tokens, and credentials.

```yaml
- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-secrets
    paths: "**/*.env,**/*.json"
```

Detects: OpenAI keys, AWS credentials, GitHub tokens, Stripe keys, PEM files, JWTs, and more.
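To make concrete what a `scan-secrets` run is doing, here is a small regex-based secret scanner written for this page. It is an added example, not QWED's own code: the pattern table, the `parse_paths`/`scan_secrets` helpers and the comma-separated `paths` handling are assumptions modelled on the snippet above, and the sample files and key values are constructed placeholders.

```python
"""Minimal secret scanner, added here as an example of what the
`scan-secrets` action does; it is not QWED's own code.

Known credential formats are matched with regexes on every line of every
file selected by the comma-separated `paths` globs.  Sample files are
constructed in memory (no real credentials) so the example runs offline.
"""
import re
from fnmatch import fnmatchcase

# Publicly documented prefixes for common credential types; the length
# constraints are deliberately loose to favour recall over precision.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-token":      re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "openai-key":        re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "stripe-secret-key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "jwt":               re.compile(r"\beyJ[\w-]{10,}\.[\w-]{10,}\.[\w-]{10,}\b"),
}


def parse_paths(paths: str) -> list[str]:
    """Split the `paths` input into globs (assumes the action takes the
    comma-separated form shown in the release notes)."""
    return [p.strip() for p in paths.split(",") if p.strip()]


def _selected(name: str, globs: list[str]) -> bool:
    # fnmatch's `*` also matches `/`, so `**/*.env` covers nested files;
    # the stripped form `*.env` additionally covers files at the repo root.
    return any(fnmatchcase(name, g) or (g.startswith("**/") and fnmatchcase(name, g[3:]))
               for g in globs)


def scan_secrets(files: dict[str, str], paths: str = "**/*") -> list[dict]:
    """Return one finding per (file, line, secret type).  `files` maps a
    repo-relative path to its contents."""
    globs = parse_paths(paths)
    findings = []
    for name, text in files.items():
        if not _selected(name, globs):
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in SECRET_PATTERNS.items():
                for match in pattern.finditer(line):
                    findings.append({
                        "file": name, "line": lineno, "type": kind,
                        # never echo a full secret into CI logs
                        "preview": match.group(0)[:6] + "...",
                    })
    return findings


# Constructed sample repository; the values are placeholders, not real keys.
SAMPLE_FILES = {
    "config/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=true\n",
    "deploy/settings.json": '{"github_token": "ghp_' + "x" * 36 + '"}\n',
    "src/main.py": "API_KEY = os.environ['OPENAI_API_KEY']\n",  # clean: key read from env
    "notes.txt": "sk-" + "a" * 24 + "\n",                     # only seen when `paths` selects it
}

if __name__ == "__main__":
    for f in scan_secrets(SAMPLE_FILES, "**/*.env,**/*.json"):
        print(f"{f['file']}:{f['line']}: {f['type']} ({f['preview']})")
```

With `paths: "**/*.env,**/*.json"` only the two findings in the selected files are reported; widening `paths` to the default picks up the key in `notes.txt` as well, which is why a narrow `paths` value is a coverage decision rather than a performance one.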
### 🛡️ Code Security Analysis

Batch scan Python files for dangerous patterns.

```yaml
- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-code
    paths: "**/*.py"
```

Detects: `eval()`, `exec()`, `subprocess`, `os.system`, dangerous imports.
### 💻 Shell Script Linting

Lint shell scripts for RCE patterns before deployment.

```yaml
- uses: QWED-AI/qwed-verification@v3
  with:
    action: verify-shell
    paths: "**/*.sh"
```

Blocks: `rm -rf /`, `curl | bash`, path traversal, command substitution.
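The four patterns listed above are easy to name and surprisingly easy to miss with a naive substring search (`rm -fr "/"`, `wget -qO- ... | sudo bash`). The linter below is an added example written for this page, not the `verify-shell` implementation: it tokenises each line with Python's `shlex` so that flag order, quoting and `sudo` prefixes do not hide a match. The rule names, the `lint_line`/`lint_script` helpers and the sample script are all constructed for the example.

```python
"""Shell script linter for RCE-prone patterns, added here to illustrate the
kind of checks `verify-shell` makes; it is not QWED's own code.

Each line is tokenised with shlex (punctuation_chars keeps `|`, `;`, `&&`
as separate tokens) and split into pipeline segments, so `curl ... | bash`
is caught whatever flags are present and `rm -rf /` is caught whatever the
flag order or quoting.  Command substitution is checked on the raw text.
"""
import re
import shlex

SUBSTITUTION_RE = re.compile(r"\$\(|`")
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"bash", "sh", "zsh", "dash", "ksh"}
SEPARATORS = {"|", ";", "&&", "||", "&"}


def _segments(tokens):
    """Yield (separator_before, tokens) for each simple command on the line."""
    seg, sep = [], None
    for tok in tokens:
        if tok in SEPARATORS:
            if seg:
                yield sep, seg
            seg, sep = [], tok
        else:
            seg.append(tok)
    if seg:
        yield sep, seg


def _command(seg):
    """Return the effective command name, looking through sudo/env prefixes."""
    i = 0
    while i < len(seg) and seg[i] in ("sudo", "env"):
        i += 1
    return seg[i] if i < len(seg) else None


def lint_line(line: str) -> list[str]:
    """Return the names of every dangerous pattern found on one line."""
    issues = []
    if SUBSTITUTION_RE.search(line):
        issues.append("command-substitution")
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True          # keep URLs and paths as single tokens
    try:
        tokens = list(lexer)
    except ValueError:                     # unbalanced quotes: refuse rather than guess
        return issues + ["unparseable"]
    segments = list(_segments(tokens))
    for i, (sep, seg) in enumerate(segments):
        cmd = _command(seg)
        if cmd is None:
            continue
        args = seg[seg.index(cmd) + 1:]
        if cmd == "rm":
            flags = set()
            for a in args:
                if a in ("--recursive", "--force"):
                    flags.add(a[2])        # 'r' or 'f'
                elif a.startswith("-") and not a.startswith("--"):
                    flags.update(a[1:].lower())   # -rf, -fr, -R -f ...
            targets = [a for a in args if not a.startswith("-")]
            if {"r", "f"} <= flags and any(t in ("/", "/*") for t in targets):
                issues.append("rm-rf-root")
        if (cmd in SHELLS and sep == "|" and i > 0
                and _command(segments[i - 1][1]) in DOWNLOADERS):
            issues.append("pipe-to-shell")
        if any("../" in t for t in seg):
            issues.append("path-traversal")
    return issues


def lint_script(text: str) -> dict[int, list[str]]:
    """Map line number -> issues for a whole script, omitting clean lines."""
    return {n: lint_line(line) for n, line in enumerate(text.splitlines(), 1)
            if lint_line(line)}


# Constructed sample script exercising one clean line per dangerous one.
SAMPLE_SCRIPT = """#!/bin/bash
# constructed sample for the linter
set -euo pipefail
tar -czf backup.tgz ./data
curl -sSL https://example.invalid/install.sh | bash
rm -rf /
cp config ../../etc/app.conf
echo "built at $(date)"
"""

if __name__ == "__main__":
    for n, issues in lint_script(SAMPLE_SCRIPT).items():
        print(f"line {n}: {', '.join(issues)}")
```

Two design points carry over to any such linter: refuse to pass a line the tokenizer cannot parse (an unterminated quote is reported, not skipped), and check command substitution on the raw text, because `$(...)` inside double quotes is still executed by the shell even though it is a single token to the lexer.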
### SARIF Output (GitHub Security Tab)

Integrate directly with GitHub's Security tab. The upload step needs the `security-events: write` permission on the workflow's `GITHUB_TOKEN`, otherwise the results are rejected by code scanning.

```yaml
- uses: QWED-AI/qwed-verification@v3
  with:
    action: scan-code
    output_format: sarif
- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: qwed-results.sarif
```
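The two sections above (Code Security Analysis and SARIF Output) fit together: a scanner produces findings, and SARIF is the envelope that carries them into the Security tab. The example below, written for this page rather than taken from QWED, shows both halves. It walks a Python file's AST (nothing is executed) to flag `eval`/`exec`/`os.system` calls, `subprocess.*` calls and a small set of imports, then renders the findings as a SARIF 2.1.0 log of the shape `upload-sarif` ingests. The rule ids, the "dangerous module" list, the tool name and the sample source are assumptions made for the example.

```python
"""Python code scanner with SARIF output, added as an illustration of what
`scan-code` with `output_format: sarif` produces; not the QWED implementation.

The scanner parses each file with `ast` (no code is executed) and flags
calls to eval/exec/os.system/os.popen, any subprocess.* call, and imports of
the modules listed below (an assumption for the example).  Findings are
rendered as SARIF 2.1.0, the format github/codeql-action/upload-sarif ingests.
"""
import ast
import json

DANGEROUS_CALLS = {"eval", "exec", "os.system", "os.popen"}
DANGEROUS_PREFIXES = ("subprocess.",)
DANGEROUS_MODULES = {"subprocess", "pickle", "marshal"}   # assumption


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None (e.g. x().y)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _finding(path, node, rule_id, message):
    return {"rule": rule_id, "message": message, "file": path,
            "line": node.lineno, "column": node.col_offset + 1}   # SARIF columns are 1-based


def scan_source(path: str, source: str) -> list[dict]:
    """Return findings for one file, sorted by position."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=path)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name and (name in DANGEROUS_CALLS or name.startswith(DANGEROUS_PREFIXES)):
                findings.append(_finding(path, node, "dangerous-call", f"Call to {name}()"))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            # `from subprocess import run` is flagged at the import; a later
            # bare `run(...)` call is not resolved, so the import rule matters.
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for mod in names:
                root = mod.split(".")[0]
                if root in DANGEROUS_MODULES:
                    findings.append(_finding(path, node, "dangerous-import", f"Import of {root}"))
    return sorted(findings, key=lambda f: (f["file"], f["line"], f["column"]))


def to_sarif(findings: list[dict], tool_name: str = "example-scanner") -> dict:
    """Wrap findings in a minimal SARIF 2.1.0 log (one run, one rule per id)."""
    rules = sorted({f["rule"] for f in findings})
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": tool_name,
                "rules": [{"id": r, "shortDescription": {"text": r}} for r in rules],
            }},
            "results": [{
                "ruleId": f["rule"],
                "level": "error",
                "message": {"text": f["message"]},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": f["file"]},
                    "region": {"startLine": f["line"], "startColumn": f["column"]},
                }}],
            } for f in findings],
        }],
    }


def sarif_json(findings: list[dict]) -> str:
    return json.dumps(to_sarif(findings), indent=2)


# Constructed sample input: three dangerous calls, one dangerous import, one clean call.
SAMPLE_SOURCE = '''\
import os
import subprocess
from pathlib import Path

def run(cmd):
    os.system(cmd)
    return subprocess.run(cmd, shell=True)

result = eval(input())
print(Path(".").resolve())
'''

if __name__ == "__main__":
    print(sarif_json(scan_source("app/main.py", SAMPLE_SOURCE)))
```

Writing the output of `sarif_json` to a file and pointing `sarif_file:` at it is all the upload step needs; each `physicalLocation` becomes an annotation on the named line in the Security tab.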
### Badge Output

Generate a verified badge URL for your README.
## 🎯 Full Example Workflow

```yaml
name: QWED Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan for secrets
        uses: QWED-AI/qwed-verification@v3
        with:
          action: scan-secrets
      - name: Scan Python code
        uses: QWED-AI/qwed-verification@v3
        with:
          action: scan-code
          output_format: sarif
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: qwed-results.sarif
```
**Full Changelog**: v2.4.1...v3.0