Releases: ancilis/scan-action

v1 — AI Agent Security Posture Scanning

15 Apr 02:33

First stable release of the Ancilis scan action.

Usage

- uses: ancilis/scan-action@v1
  with:
    fail-on: high
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Features

  • Runs ancilis scan --ci on every PR
  • Posts posture results as PR comments (markdown or minimal)
  • Configurable fail threshold (critical/high/medium/low/none)
  • SARIF output for GitHub Code Scanning integration
  • Evidence upload to Ancilis platform (optional)
  • 19 overlay profiles: SOC 2, HIPAA, PCI-DSS, EU AI Act, GDPR, and more

Inputs

| Input | Default | Description |
|---|---|---|
| fail-on | none | Minimum severity to fail the check |
| report-format | markdown | PR comment format |
| upload-sarif | false | Generate SARIF for Code Scanning |
| overlays | auto-detect | Comma-separated overlay profiles |
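
A full workflow around the Usage step, as an added example that is not from the action's own documentation: it scopes GITHUB_TOKEN to the permissions the listed features imply. The workflow name, the checkout step and the permission set are assumptions; the inputs and values are the ones listed above.

```yaml
# Added example, not taken from the ancilis/scan-action repository.
name: agent-posture-scan            # hypothetical workflow name

on:
  pull_request:                     # the release notes say the scan runs on every PR

# Start from no token permissions and grant per job only what is needed.
permissions: {}

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read                # read the repository for checkout
      pull-requests: write          # post posture results as a PR comment
      security-events: write        # assumption: required only if the action uploads SARIF itself
    steps:
      - uses: actions/checkout@v4   # assumption: the scan reads the checked-out tree
      - uses: ancilis/scan-action@v1
        with:
          fail-on: high             # documented default is none
          report-format: minimal    # markdown (default) or minimal
          upload-sarif: true        # documented default is false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

If `upload-sarif` stays at its default, the `security-events: write` grant can be dropped.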