williambrady · williambrady · Mar 8, 2026 · Mar 1, 2026 · Mar 8, 2026 · Mar 8, 2026
@@ -1,4 +1,4 @@
-# SDLC Code Scanner - Environment Variables Template
+# Portfolio Code Scanner - Environment Variables Template
 # Copy this file to .env and fill in your values
 
 # ========================================

@@ -1,4 +1,4 @@
-# CI workflow for testing the SDLC Code Scanner action itself
+# CI workflow for testing the Portfolio Code Scanner action itself
 name: CI
 
 on:
@@ -73,7 +73,7 @@ jobs:
         with:
           context: .
           push: false
-          tags: sdlc-code-scanner:test
+          tags: portfolio-code-scanner:test
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -85,7 +85,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Build Docker image
-        run: docker build -t sdlc-code-scanner:test .
+        run: docker build -t portfolio-code-scanner:test .
 
       - name: Create output directory
         run: mkdir -p test-reports && chmod 777 test-reports
@@ -95,7 +95,7 @@ jobs:
           docker run --rm \
             -v ${{ github.workspace }}/tests/fixtures:/repo:ro \
             -v ${{ github.workspace }}/test-reports:/app/reports \
-            sdlc-code-scanner:test \
+            portfolio-code-scanner:test \
             scan-local --repo-path /repo --output-dir /app/reports --format json || true
 
       - name: Verify report generated

@@ -1,8 +1,8 @@
-# Example workflow showing how to use SDLC Code Scanner in your repository
+# Example workflow showing how to use Portfolio Code Scanner in your repository
 # Copy this file to your repository's .github/workflows/ directory
 #
 # NOTE: This workflow is disabled by default in this repository since
-# it references the published action (crofton-cloud/sdlc-code-scanner@v1).
+# it references the published action (williambrady/portfolio-code-scanner@v1).
 # The actual CI tests are in ci.yml which uses the local action.
 
 name: Security Scan
@@ -23,16 +23,16 @@ permissions:
 
 jobs:
   security-scan:
-    name: SDLC Code Scanner Security Scan
+    name: Portfolio Code Scanner Security Scan
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Run SDLC Code Scanner
+      - name: Run Portfolio Code Scanner
         id: security-scan
-        uses: crofton-cloud/sdlc-code-scanner@v1
+        uses: williambrady/portfolio-code-scanner@v1
         with:
           # Scan the entire repository (default)
           scan-path: '.'
@@ -54,14 +54,14 @@ jobs:
         if: always() && steps.security-scan.outputs.sarif-path != ''
         with:
           sarif_file: ${{ steps.security-scan.outputs.sarif-path }}
-          category: 'sdlc-code-scanner'
+          category: 'portfolio-code-scanner'
 
       - name: Upload scan reports as artifact
         uses: actions/upload-artifact@v4
         if: always()
         with:
           name: security-scan-reports
-          path: .sdlc-code-scanner-reports/
+          path: .portfolio-code-scanner-reports/
           retention-days: 30
 
       - name: Post scan summary comment on PR
@@ -78,7 +78,7 @@ jobs:
 
             const statusEmoji = status === 'passed' ? ':white_check_mark:' : ':x:';
 
-            const body = `## SDLC Code Scanner Security Scan ${statusEmoji}
+            const body = `## Portfolio Code Scanner Security Scan ${statusEmoji}
 
             | Severity | Count |
             |----------|-------|

@@ -182,9 +182,9 @@ cython_debug/
 .abstra/
 
 # Visual Studio Code
-#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
 #  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
-#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
 #  you could uncomment the following to ignore the entire vscode folder
 # .vscode/
 
@@ -207,7 +207,7 @@ marimo/_lsp/
 __marimo__/
 
 # ========================================
-# SDLC Code Scanner - Scan Artifacts
+# Portfolio Code Scanner - Scan Artifacts
 # ========================================
 # Scan reports directory
 reports/

@@ -10,7 +10,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Project Overview
 
-SDLC Code Scanner is a Python-based security assessment utility for AWS infrastructure-as-code (IaC). It orchestrates multiple security scanning tools in a Docker container to provide comprehensive security analysis of Terraform, CloudFormation, Python, and npm-based projects.
+Portfolio Code Scanner is a Python-based security assessment utility for AWS infrastructure-as-code (IaC). It orchestrates multiple security scanning tools in a Docker container to provide comprehensive security analysis of Terraform, CloudFormation, Python, and npm-based projects.
 
 ## Architecture
 
@@ -60,7 +60,7 @@ SDLC Code Scanner is a Python-based security assessment utility for AWS infrastr
 
 Build the Docker image:
 ```bash
-docker build -t sdlc-code-scanner .
+docker build -t portfolio-code-scanner .
 ```
 
 Run local repository scan:

@@ -1,11 +1,11 @@
-# SDLC Code Scanner - Multi-stage Dockerfile
+# Portfolio Code Scanner - Multi-stage Dockerfile
 # Installs all IaC security scanning tools in a single container
 # Compatible with GitHub Actions
 
 FROM python:3.11-slim as base
 
 # GitHub Actions labels
-LABEL org.opencontainers.image.source="https://github.com/crofton-cloud/sdlc-code-scanner"
+LABEL org.opencontainers.image.source="https://github.com/williambrady/portfolio-code-scanner"
 LABEL org.opencontainers.image.description="Security scanner for AWS Infrastructure-as-Code"
 LABEL org.opencontainers.image.licenses="PolyForm-Noncommercial-1.0.0"
 
@@ -68,7 +68,7 @@ RUN wget -q https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VER
 # ========================================
 # Install Trivy
 # ========================================
-ARG TRIVY_VERSION=0.48.3
+ARG TRIVY_VERSION=0.69.3
 RUN wget -q https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz && \
     tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz && \
     mv trivy /usr/local/bin/ && \

@@ -34,7 +34,7 @@ URL for them above, as well as copies of any plain-text lines
 beginning with `Required Notice:` that the licensor provided
 with the software.  For example:
 
-> Required Notice: Copyright Crofton Cloud (https://crofton.cloud)
+> Required Notice: Copyright William Brady (https://github.com/williambrady)
 
 ## Changes and New Works License
 
@@ -131,6 +131,6 @@ of your licenses.
 
 ---
 
-Required Notice: Copyright (c) 2026 Crofton Cloud (https://crofton.cloud)
+Required Notice: Copyright (c) 2026 William Brady (https://github.com/williambrady)
 
-For licensing inquiries, contact: licensing@crofton.cloud
+For licensing inquiries, visit: https://github.com/williambrady