step-security
diff --git a/‎.github/release-drafter.yml‎
Lines changed: 0 additions & 28 deletions b/‎.github/release-drafter.yml‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎.github/workflows/actions_release.yml‎
Lines changed: 0 additions & 6 deletions b/‎.github/workflows/actions_release.yml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎.github/workflows/claude_review.yml‎
Lines changed: 0 additions & 18 deletions b/‎.github/workflows/claude_review.yml‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 0 additions & 15 deletions b/‎.github/workflows/release.yml‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎dist/index.js‎
Lines changed: 18 additions & 0 deletions b/‎dist/index.js‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎index.js‎
Lines changed: 18 additions & 0 deletions b/‎index.js‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 4 additions & 4 deletions b/‎package.json‎
Lines changed: 4 additions & 4 deletions
@@ -6,11 +6,6 @@ on:
       tag:
         description: "Tag for the release"
         required: true
-      # Uncomment if using yarn
-      # script:
-      #   description: "Specify the build script to run"
-      #   required: true
-      #   type: string
 
 permissions:
   contents: read
@@ -25,4 +20,3 @@ jobs:
     uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
     with:
       tag: "${{ github.event.inputs.tag }}"
-      # script: "${{ github.event.inputs.script }}"
@@ -1,6 +1,6 @@
 # Prisma Cloud Scan Action
 
-This GitHub Action will scan container images for vulnerabilities and compliance issues using Prisma Cloud by Palo Alto Networks. With it, you can receive immediate feedback about image vulnerabilities and compliance violations both in GitHub and in the Prisma Cloud Console as well as block builds that do not meet your compliance requirements, such as high or critical vulnerabilities.
+This GitHub Action will scan container images for vulnerabilities and compliance issues using Prisma Cloud. With it, you can receive immediate feedback about image vulnerabilities and compliance violations both in GitHub and in the Prisma Cloud Console as well as block builds that do not meet your compliance requirements, such as high or critical vulnerabilities.
 
 This action is a wrapper around [twistcli](https://docs.twistlock.com/docs/compute_edition/tools/twistcli_scan_images.html) which connects to the specified Prisma Cloud Console for vulnerability and compliance policy and metadata.
 
@@ -36,7 +36,7 @@ jobs:
       # (Optional) for compatibility with GitHub's code scanning alerts
       - name: Upload SARIF file
         if: ${{ always() }} # necessary if using failure thresholds in the image scan
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ steps.scan.outputs.sarif_file }}
 ```
 
@@ -14771,7 +14771,25 @@ function formatSarif(twistcliVersion, resultsFile) {
   }
 }
 
+async function validateSubscription() {
+  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`;
+
+  try {
+    await axios.get(API_URL, {timeout: 3000});
+  } catch (error) {
+    if (error.response && error.response.status === 403) {
+      console.error(
+        'Subscription is not valid. Reach out to [email protected]'
+      );
+      process.exit(1);
+    } else {
+      core.info('Timeout or API not reachable. Continuing to next step.');
+    }
+  }
+}
+
 async function scan() {
+  await validateSubscription();
   const httpProxy = process.env.https_proxy || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.HTTP_PROXY;
   const consoleUrl = core.getInput('pcc_console_url');
   const username = core.getInput('pcc_user');
 
@@ -272,7 +272,25 @@ function formatSarif(twistcliVersion, resultsFile) {
   }
 }
 
+async function validateSubscription() {
+  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`;
+
+  try {
+    await axios.get(API_URL, {timeout: 3000});
+  } catch (error) {
+    if (error.response && error.response.status === 403) {
+      console.error(
+        'Subscription is not valid. Reach out to [email protected]'
+      );
+      process.exit(1);
+    } else {
+      core.info('Timeout or API not reachable. Continuing to next step.');
+    }
+  }
+}
+
 async function scan() {
+  await validateSubscription();
   const httpProxy = process.env.https_proxy || process.env.HTTPS_PROXY || process.env.http_proxy || process.env.HTTP_PROXY;
   const consoleUrl = core.getInput('pcc_console_url');
   const username = core.getInput('pcc_user');
 
@@ -1,19 +1,19 @@
 {
   "name": "prisma-cloud-scan",
   "description": "Scan with Prisma Cloud",
-  "author": "Palo Alto Networks",
+  "author": "step-security",
   "license": "Apache-2.0",
   "scripts": {
     "lint": "eslint index.js",
     "build": "ncc build index.js --license licenses.txt"
   },
-  "homepage": "https://github.com/paloaltonetworks/prisma-cloud-scan#readme",
+  "homepage": "https://github.com/step-security/prisma-cloud-scan#readme",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/paloaltonetworks/prisma-cloud-scan.git"
+    "url": "git+https://github.com/step-security/prisma-cloud-scan.git"
   },
   "bugs": {
-    "url": "https://github.com/paloaltonetworks/prisma-cloud-scan/issues"
+    "url": "https://github.com/step-security/prisma-cloud-scan/issues"
   },
   "keywords": [
     "prisma",