Lars Gohr

Hey, sorry for the late reply. I have to think about that...

Sure, why not :+1:

Hey, thanks for bringing that up. Could you please check out https://github.com/elgohr/ecr-login-action/releases/tag/1.0.1 ?

Same error? It's hard for me to reproduce, as I don't have an account...

Looks like a SARIF report exporter is already part of ZAP. See - https://www.zaproxy.org/docs/desktop/addons/report-generation/report-sarif-json/ - https://github.com/zaproxy/zap-extensions/tree/main/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif Sadly I didn't find a way/documentation to use it.

Find an idea at https://github.com/GSA-TTS/FAC/issues/1654

@Riduidel are you sure that `secrets.RELEASE_TOKEN` is present and has the correct permissions?

@Riduidel sorry, I can't reproduce this. The integration test is running fine (https://github.com/elgohr/Github-Release-Action/blob/main/.github/workflows/release.yml - https://github.com/elgohr/Github-Release-Action/actions/runs/5381849785/jobs/9766449798). RELEASE_TOKEN has the following scopes 

@jakecoffman > Dependabot will not update a pseudo-version to another pseudo-version. That is still an open question, but seems like it would be quite noisy. Any open issue on that?...

@rneatherway any updates on this topic? Having the same issue with http. In blackbox scanning, like a [ZAP](https://www.zaproxy.org) scan, a file location isn't useful. Any suggestions for workarounds?