From 7d1cd54a40175446db9cfa9fc581d014dda16d5e Mon Sep 17 00:00:00 2001 From: seqradev Date: Thu, 15 Jan 2026 08:54:06 +0000 Subject: [PATCH 1/3] feat: Update options with latest enhancements --- CHANGELOG.md | 3 +++ README.md | 15 +++++++++++---- action.yml | 54 ++++++++++++++++++++++++++++++++++------------------ 3 files changed, 49 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 21d64a5..0277b28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## v2.1.0 +### feat: Update options with latest enhancements +- feat: Update options ## v2.0.2 ### fix: Bump version ## v2.0.1 diff --git a/README.md b/README.md index eee987e..a9b3633 100644 --- a/README.md +++ b/README.md @@ -84,17 +84,24 @@ jobs: upload-sarif: 'false' # Tag of seqra release - seqra-version: 'v2.0.2' + seqra-version: 'v2.1.0' - # Relative path under $GITHUB_WORKSPACE to your rules - # By default it is empty, so seqra wil use builtin rules + # Paths to custom rules directories (comma-separated) + # By default it is empty, so seqra will use builtin rules rules-path: 'security/myrules' # Name of uploaded artifact artifact-name: 'sarif' - #Scan timeout + # Log level + verbosity: 'info' + + # Scan timeout timeout: '15m' + + # Severity levels to report (comma-separated) + # Valid values: note, warning, error + severity: 'warning,error' ``` diff --git a/action.yml b/action.yml index 32f40ae..04cd98f 100644 --- a/action.yml +++ b/action.yml @@ -1,5 +1,9 @@ -name: "Seqra code analysis" -description: "Run seqra analysis" +name: "Seqra security code analysis" +description: "Security-focused static analyzer for Java and Kotlin" + +branding: + icon: "target" + color: "purple" inputs: project-root: 
@@ -10,23 +14,29 @@ inputs: default: 'false' seqra-version: description: 'Tag of seqra release' - default: 'v2.0.2' + default: 'v2.1.0' rules-path: - description: 'Relative path under $GITHUB_WORKSPACE to rules. If set rules-repository not used' - default: '' + description: 'Paths to rules directories (comma-separated)' + default: 'builtin' token: description: 'Token for download rules from private repository' required: false - default: ${{ github.token }} + default: "" artifact-name: description: 'Name of uploaded artifact' default: 'sarif' + upload-artifact: + description: 'Should seqra-action upload sarif artifact' + default: 'true' verbosity: description: 'Log level' default: 'info' timeout: description: 'Scan timeout' default: '15m' + severity: + description: 'Severity levels to report (comma-separated). Valid values: note, warning, error' + default: 'warning,error' runs: using: 'composite' @@ -41,13 +51,11 @@ runs: echo "SEQRA_BIN=$GITHUB_WORKSPACE/$SEQRA_ARTIFACTS/seqra" >> "${GITHUB_OUTPUT}" echo "SEQRA_PROJECT=$RUNNER_TEMP/$SEQRA_ARTIFACTS/project" >> "${GITHUB_OUTPUT}" echo "SEQRA_SARIF=$RUNNER_TEMP/$SEQRA_ARTIFACTS/seqra.sarif" >> "${GITHUB_OUTPUT}" - echo "FLAGS=$FLAGS" >> "${GITHUB_OUTPUT}" - - - name: Copy rules to - if: ${{ inputs.rules-path != '' }} - shell: bash - run: | - cp -R ${{ inputs.rules-path }} ${{ steps.globals.outputs.SEQRA_ARTIFACTS }}/rules + TOKEN_FLAG="" + if [ -n "${{ inputs.token }}" ]; then + TOKEN_FLAG="--github-token ${{ inputs.token }}" + fi + echo "TOKEN_FLAG=$TOKEN_FLAG" >> "${GITHUB_OUTPUT}" - name: Download seqra uses: robinraju/release-downloader@v1 
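Review bot: The new `rules-path` default `'builtin'` disagrees with the README hunk in this same commit, which still says the option is empty by default and that seqra then falls back to builtin rules; one of the two should change, and the description should say what `builtin` is, if it is a literal ruleset name the binary accepts rather than a path. Suggested wording: `description: 'Comma-separated paths to rules directories under $GITHUB_WORKSPACE; the literal builtin selects the bundled ruleset'`, and `default: ''` in the README example, or the README text updated to match `builtin`. The `token` description still says it is only used for downloading rules, but the compile and scan steps below now pass it as `--github-token` whenever it is non-empty, so `description: 'GitHub token for downloading the seqra release and private rules; also passed to compile/scan as --github-token'` would be more accurate. The `inputs:` mapping starts before this hunk.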
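Review bot: `TOKEN_FLAG` now carries the token value itself into `$GITHUB_OUTPUT`, and the compile and scan steps later splice that output into their `run:` scripts, so the secret is persisted as a step output and lands in the command line instead of staying in `inputs.token`; GitHub masks it in logs only when the caller supplied a registered secret, which this action cannot guarantee. Prefer handing the token to the consuming steps through `env:` and expanding it there, `${SEQRA_TOKEN:+--github-token "$SEQRA_TOKEN"}`, so the output records at most a yes/no flag. The `if [ -n "${{ inputs.token }}" ]` test also breaks the script if the input ever contains a double quote or `$`, which the env route avoids. The step that owns this `run:` block starts outside the hunk.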
@@ -57,31 +65,39 @@ runs: fileName: 'seqra_linux_amd64.tar.gz' out-file-path: ${{ steps.globals.outputs.SEQRA_ARTIFACTS }} extract: true - token: ${{ inputs.token }} + token: ${{ inputs.token || github.token }} - name: Compile project shell: bash run: | - ${{ steps.globals.outputs.SEQRA_BIN }} --quiet --github-token ${{ inputs.token }} compile \ + ${{ steps.globals.outputs.SEQRA_BIN }} --quiet ${{ steps.globals.outputs.TOKEN_FLAG }} compile \ --verbosity ${{ inputs.verbosity }} \ --output ${{ steps.globals.outputs.SEQRA_PROJECT }} ${{ inputs.project-root }} - name: Run analysis shell: bash run: | - cmd="${{ steps.globals.outputs.SEQRA_BIN }} --quiet --github-token ${{ inputs.token }} scan" + cmd="${{ steps.globals.outputs.SEQRA_BIN }} --quiet ${{ steps.globals.outputs.TOKEN_FLAG }} scan" - if [ -n "${{ inputs.rules-path }}" ]; then - cmd="$cmd --ruleset ${{ steps.globals.outputs.SEQRA_ARTIFACTS }}/rules" - fi + IFS=',' read -ra RULESETS <<< "${{ inputs.rules-path }}" + for ruleset in "${RULESETS[@]}"; do + cmd="$cmd --ruleset $ruleset" + done cmd="$cmd --timeout ${{ inputs.timeout }}" cmd="$cmd --verbosity ${{ inputs.verbosity }}" + + IFS=',' read -ra SEVERITIES <<< "${{ inputs.severity }}" + for sev in "${SEVERITIES[@]}"; do + cmd="$cmd --severity $sev" + done + cmd="$cmd --output ${{ steps.globals.outputs.SEQRA_SARIF }} ${{ steps.globals.outputs.SEQRA_PROJECT }}" eval "$cmd" - name: Upload sarif artifact + if: ${{ inputs.upload-artifact == 'true' }} uses: actions/upload-artifact@v4 with: name: ${{ inputs.artifact-name }} From 18f875f35c88069033935c335c9f96bc9bd27c2d Mon Sep 17 00:00:00 2001 From: seqradev Date: Thu, 15 Jan 2026 15:12:56 +0300 Subject: [PATCH 2/3] ci: Set debug verbosity --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 290966b..f8977e3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
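Review bot: `inputs.rules-path` and `inputs.severity` are expanded by `${{ }}` straight into the script text, split into unquoted `--ruleset $ruleset` and `--severity $sev` words, and then run through `eval "$cmd"`, so any caller-controlled value containing shell metacharacters (a ruleset path with a space, or a severity entry such as `error;id`) is interpreted as shell code rather than passed as an argument; the previous version had the same `eval`, but this hunk widens what reaches it. The compile step above splices `${{ steps.globals.outputs.TOKEN_FLAG }}` into its script the same way, and the same fix applies there. Building the command as a bash array with inputs read from `env:` removes both the `eval` and the template-time injection, and also keeps ruleset paths with spaces intact; the `Upload sarif artifact` step and the `runs:` mapping continue outside the hunk.
```yaml
    - name: Run analysis
      shell: bash
      env:
        SEQRA_TOKEN: ${{ inputs.token }}
        RULES_PATH: ${{ inputs.rules-path }}
        SEVERITY: ${{ inputs.severity }}
        SCAN_TIMEOUT: ${{ inputs.timeout }}
        VERBOSITY: ${{ inputs.verbosity }}
      run: |
        # Arguments are collected in an array: inputs arrive via env, are never re-parsed by the shell, and no eval is needed.
        cmd=("${{ steps.globals.outputs.SEQRA_BIN }}" --quiet)
        if [ -n "$SEQRA_TOKEN" ]; then
          cmd+=(--github-token "$SEQRA_TOKEN")
        fi
        cmd+=(scan)
        IFS=',' read -ra RULESETS <<< "$RULES_PATH"
        for ruleset in "${RULESETS[@]}"; do
          cmd+=(--ruleset "$ruleset")
        done
        cmd+=(--timeout "$SCAN_TIMEOUT" --verbosity "$VERBOSITY")
        IFS=',' read -ra SEVERITIES <<< "$SEVERITY"
        for sev in "${SEVERITIES[@]}"; do
          cmd+=(--severity "$sev")
        done
        cmd+=(--output "${{ steps.globals.outputs.SEQRA_SARIF }}" "${{ steps.globals.outputs.SEQRA_PROJECT }}")
        "${cmd[@]}"
    # … unchanged: Upload sarif artifact step …
```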
@@ -54,3 +54,4 @@ jobs: project-root: project-root token: ${{ secrets.SEQRA_GITHUB_TOKEN }} artifact-name: ${{ steps.sanitize.outputs.SANITIZED_NAME }} + verbosity: 'debug' From b470de63de33a3d773d0b05e9e6e9062381d7372 Mon Sep 17 00:00:00 2001 From: seqradev Date: Thu, 15 Jan 2026 15:28:28 +0300 Subject: [PATCH 3/3] ci: Specify Java version --- .github/workflows/ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8977e3..5e3b4fe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,8 +18,10 @@ jobs: include: - repo: spring-projects/spring-petclinic sha: 30aab0ae764ad845b5eedd76028756835fec771f + java-version: 17 - repo: WebGoat/WebGoat sha: 06c0be257f3ec5b02521368b030018816ac94090 + java-version: 23 runs-on: ubuntu-latest container: buildpack-deps:jammy-scm @@ -39,10 +41,10 @@ jobs: SANITIZED_NAME=$(echo "${{ matrix.repo }}" | tr '/' '_') echo "SANITIZED_NAME=${SANITIZED_NAME}" >> $GITHUB_OUTPUT - - name: Set up JDK 17 + - name: Set up JDK uses: actions/setup-java@v3 with: - java-version: '17' + java-version: '${{ matrix.java-version }}' distribution: 'temurin' server-id: github # Value of the distributionManagement/repository/id field of the pom.xml settings-path: ${{ github.workspace }} # location for the settings.xml file
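Review bot: The matrix entries `java-version: 17` and `java-version: 23` are unquoted integers, whereas the literal they replace in the setup-java step was the string `'17'`; quoting the expression in the second hunk only converts the number back to text after YAML has already typed it, so a value such as `17.0` would presumably reach setup-java as `17`. Quote them at the source, `java-version: '17'` and `java-version: '23'`, so the matrix carries exactly the string the action receives. While this step is being touched, the `uses: actions/setup-java@v3` context line references a mutable major tag; pinning to a full commit SHA is the usual supply-chain hardening for third-party actions.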