Release: 1.4.0

Sonatype Zion
2025-04-22 18:16:19 +00:00
parent 66cd015b7c
commit bccf866e7d
9 changed files with 78 additions and 32 deletions


@@ -44,7 +44,7 @@ runs:
steps:
- name: Evaluate
id: evaluate
uses: sonatype/actions/evaluate@v1.3.1
uses: sonatype/actions/evaluate@v1.4.0
with:
iq-server-url: ${{ inputs.iq-server-url }}
username: ${{ inputs.username }}


@@ -131,12 +131,12 @@ jobs:
> [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) is
> available for GitHub Enterprise and public repositories.
> **enable-callflow**\
> Since version 1.3.0, you can perform a call flow analysis in Java or JVM language binaries to determine the method
> **enable-reachability**\
> Since version 1.3.0, you can perform a reachability analysis in Java or JVM language binaries to determine the method
> signatures that trigger a security vulnerability. Default: `false`. `Optional`
> **callflow-namespaces**\
> Since version 1.3.0, you can limit the call flow analysis to a specific namespace for faster, more precise results.
> **reachability-namespaces**\
> Since version 1.3.0, you can limit the reachability analysis to a specific namespace for faster, more precise results.
> Multiple namespaces can be delimited by space. Default: `empty`. `Optional`
## Output


@@ -101,15 +101,23 @@ inputs:
required: false
default: false
enable-callflow:
description:
'Perform a call flow analysis in Java or JVM language binaries to determine the method signatures that trigger a
security vulnerability.'
description: 'Deprecated. Use enable-reachability.'
required: false
default: false
callflow-namespaces:
description: 'Deprecated. Use reachability-namespaces.'
required: false
default: ''
enable-reachability:
description:
'Limit the call flow analysis to a specific namespace for faster, more precise results. Multiple namespaces can be
delimited by space.'
'Perform a reachability analysis in Java or JVM language binaries to determine the method signatures that trigger
a security vulnerability.'
required: false
default: false
reachability-namespaces:
description:
'Limit the reachability analysis to a specific namespace for faster, more precise results. Multiple namespaces can
be delimited by space.'
required: false
default: ''
@@ -131,7 +139,7 @@ runs:
steps:
- name: Setup IQ CLI Action
id: setup-iq-cli
uses: sonatype/actions/setup-iq-cli@v1.3.1
uses: sonatype/actions/setup-iq-cli@v1.4.0
with:
iq-cli-version: 'latest'
@@ -142,7 +150,7 @@ runs:
- name: Run IQ CLI Action
id: run-iq-cli
uses: sonatype/actions/run-iq-cli@v1.3.1
uses: sonatype/actions/run-iq-cli@v1.4.0
with:
iq-cli-version: ${{ steps.setup-iq-cli.outputs.iq-cli-version }}
username: ${{ inputs.username }}
@@ -166,6 +174,8 @@ runs:
sarif-file: ${{ inputs.sarif-file || inputs.upload-sarif-file }}
enable-callflow: ${{ inputs.enable-callflow }}
callflow-namespaces: ${{ inputs.callflow-namespaces }}
enable-reachability: ${{ inputs.enable-reachability }}
reachability-namespaces: ${{ inputs.reachability-namespaces }}
- name: Upload result to GitHub Code Scanning
if: ( success() || failure() ) && steps.run-iq-cli.outputs.sarif-file && inputs.upload-sarif-file == 'true'
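Review bot: The deprecation of `enable-callflow` and `callflow-namespaces` is recorded only in their `description` text, which nobody sees when a workflow runs. Action metadata supports a per-input `deprecationMessage` that the runner logs as a warning whenever the input is supplied; add `deprecationMessage: 'Use enable-reachability instead.'` under `enable-callflow` and `deprecationMessage: 'Use reachability-namespaces instead.'` under `callflow-namespaces`. The same applies to the other `inputs:` section on this page (`@@ -96,15 +96,23`). The `inputs:` mapping starts and ends outside the hunk.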


@@ -143692,7 +143692,7 @@ module.exports = index;
/***/ ((module) => {
"use strict";
module.exports = JSON.parse('{"name":"fetch-sbom","description":"GitHub Action for obtaining an SBOM","version":"1.3.1","author":"sonatype","private":true,"homepage":"https://github.com/sonatype/actions/fetch-sbom","repository":{"type":"git","url":"git+https://github.com/sonatype/actions/fetch-sbom.git"},"bugs":{"url":"https://github.com/sonatype/actions/fetch-sbom/issues"},"keywords":["actions","node","setup"],"exports":{".":"./dist/index.js"},"engines":{"node":">=20"},"scripts":{"bundle":"npm run format:write && npm run package","ci-test":"npx jest","coverage":"npx make-coverage-badge --output-path ./badges/coverage.svg","format:write":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --write .","format:check":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --check .","lint":"npx eslint . -c ../.github/linters/.eslintrc.yml --ignore-path ../.eslintignore","package":"npx ncc build src/index.ts -o dist/main --license licenses.txt && npx ncc build src/cleanup.ts -o dist/cleanup --license licenses.txt","package:watch":"npm run package -- --watch","test":"npx jest","all":"npm run format:write && npm run lint && npm run test && npm run coverage && npm run package"},"license":"SEE LICENSE IN LICENSE","jest":{"preset":"ts-jest","verbose":true,"clearMocks":true,"testEnvironment":"node","moduleFileExtensions":["js","ts"],"testMatch":["**/*.test.ts"],"testPathIgnorePatterns":["/node_modules/","/dist/"],"transform":{"^.+\\\\.ts$":"ts-jest"},"coverageReporters":["json-summary","text","lcov"],"collectCoverage":true,"collectCoverageFrom":["./src/**"],"reporters":["default",["jest-junit",{"suiteName":"fetch-sbom unit tests","titleTemplate":"{title}","outputName":"fetch-sbom-test-results.xml","ancestorSeparator":" > "}]]},"dependencies":{"@actions/artifact":"^2.1.7","@actions/github":"^6.0.0","@actions/tool-cache":"^2.0.1","@github/dependency-submission-toolkit":"^2.0.4","axios":"^1.7.2"}}');
module.exports = JSON.parse('{"name":"fetch-sbom","description":"GitHub Action for obtaining an SBOM","version":"1.4.0","author":"sonatype","private":true,"homepage":"https://github.com/sonatype/actions/fetch-sbom","repository":{"type":"git","url":"git+https://github.com/sonatype/actions/fetch-sbom.git"},"bugs":{"url":"https://github.com/sonatype/actions/fetch-sbom/issues"},"keywords":["actions","node","setup"],"exports":{".":"./dist/index.js"},"engines":{"node":">=20"},"scripts":{"bundle":"npm run format:write && npm run package","ci-test":"npx jest","coverage":"npx make-coverage-badge --output-path ./badges/coverage.svg","format:write":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --write .","format:check":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --check .","lint":"npx eslint . -c ../.github/linters/.eslintrc.yml --ignore-path ../.eslintignore","package":"npx ncc build src/index.ts -o dist/main --license licenses.txt && npx ncc build src/cleanup.ts -o dist/cleanup --license licenses.txt","package:watch":"npm run package -- --watch","test":"npx jest","all":"npm run format:write && npm run lint && npm run test && npm run coverage && npm run package"},"license":"SEE LICENSE IN LICENSE","jest":{"preset":"ts-jest","verbose":true,"clearMocks":true,"testEnvironment":"node","moduleFileExtensions":["js","ts"],"testMatch":["**/*.test.ts"],"testPathIgnorePatterns":["/node_modules/","/dist/"],"transform":{"^.+\\\\.ts$":"ts-jest"},"coverageReporters":["json-summary","text","lcov"],"collectCoverage":true,"collectCoverageFrom":["./src/**"],"reporters":["default",["jest-junit",{"suiteName":"fetch-sbom unit tests","titleTemplate":"{title}","outputName":"fetch-sbom-test-results.xml","ancestorSeparator":" > "}]]},"dependencies":{"@actions/artifact":"^2.1.7","@actions/github":"^6.0.0","@actions/tool-cache":"^2.0.1","@github/dependency-submission-toolkit":"^2.0.4","axios":"^1.7.2"}}');
/***/ }),


@@ -130,12 +130,12 @@ jobs:
> Generates a SARIF file with a specified name containing all identified vulnerabilities. The SARIF file extension must
> be .sarif or .json. The generated file will be uploaded as an action artifact. `Optional`
> **enable-callflow**\
> Since version 1.3.0, you can perform a call flow analysis in Java or JVM language binaries to determine the method
> **enable-reachability**\
> Since version 1.3.0, you can perform a reachability analysis in Java or JVM language binaries to determine the method
> signatures that trigger a security vulnerability. Default: `false`. `Optional`
> **callflow-namespaces**\
> Since version 1.3.0, you can limit the call flow analysis to a specific namespace for faster, more precise results.
> **reachability-namespaces**\
> Since version 1.3.0, you can limit the reachability analysis to a specific namespace for faster, more precise results.
> Multiple namespaces can be delimited by space. Default: `empty`. `Optional`
## Output


@@ -96,15 +96,23 @@ inputs:
must be .sarif or .json. The generated file will be uploaded as an action artifact.'
required: false
enable-callflow:
description:
'Perform a call flow analysis in Java or JVM language binaries to determine the method signatures that trigger a
security vulnerability.'
description: 'Deprecated. Use enable-reachability.'
required: false
default: false
callflow-namespaces:
description: 'Deprecated. Use reachability-namespaces.'
required: false
default: ''
enable-reachability:
description:
'Limit the call flow analysis to a specific namespace for faster, more precise results. Multiple namespaces can be
delimited by space.'
'Perform a reachability analysis in Java or JVM language binaries to determine the method signatures that trigger
a security vulnerability.'
required: false
default: false
reachability-namespaces:
description:
'Limit the reachability analysis to a specific namespace for faster, more precise results. Multiple namespaces can
be delimited by space.'
required: false
default: ''


@@ -25000,7 +25000,7 @@ cleanup();
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.API_V2_RESOURCE_PATH = exports.DEFAULT_SARIF_FILE = exports.CLI_PARAMS_FILE = exports.TEMP_RESULT_FILE = exports.WORKING_DIR = exports.IQ_CLI_JAR = exports.OUTPUT_SCAN_FILE_PATH = exports.OUTPUT_SARIF_FILE_PATH = exports.OUTPUT_RESULT_FILE_PATH = exports.OUTPUT_SARIF_FILE = exports.OUTPUT_REPORT_URL = exports.OUTPUT_SCAN_ID = exports.CALLFLOW_NAMESPACES = exports.ENABLE_CALLFLOW = exports.INPUT_SARIF_FILE = exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = exports.INPUT_INCLUDE_SHA_256 = exports.INPUT_PROXY_USER = exports.INPUT_PROXY = exports.INPUT_KEEP_SCAN_FILE = exports.INPUT_DEBUG = exports.INPUT_IGNORE_SCANNING_ERRORS = exports.INPUT_IGNORE_SYSTEM_ERRORS = exports.INPUT_FAIL_ON_POLICY_WARNINGS = exports.INPUT_MODULE_EXCLUDE = exports.INPUT_RESULT_FILE = exports.INPUT_STAGE = exports.INPUT_IQ_CLI_VERSION = exports.INPUT_SCAN_TARGETS = exports.INPUT_IQ_SERVER_URL = exports.INPUT_ORGANIZATION_ID = exports.INPUT_APPLICATION_ID = exports.INPUT_PASSWORD = exports.INPUT_USERNAME = void 0;
exports.API_V2_RESOURCE_PATH = exports.DEFAULT_SARIF_FILE = exports.CLI_PARAMS_FILE = exports.TEMP_RESULT_FILE = exports.WORKING_DIR = exports.IQ_CLI_JAR = exports.OUTPUT_SCAN_FILE_PATH = exports.OUTPUT_SARIF_FILE_PATH = exports.OUTPUT_RESULT_FILE_PATH = exports.OUTPUT_SARIF_FILE = exports.OUTPUT_REPORT_URL = exports.OUTPUT_SCAN_ID = exports.REACHABILITY_NAMESPACES = exports.ENABLE_REACHABILITY = exports.CALLFLOW_NAMESPACES = exports.ENABLE_CALLFLOW = exports.INPUT_SARIF_FILE = exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = exports.INPUT_INCLUDE_SHA_256 = exports.INPUT_PROXY_USER = exports.INPUT_PROXY = exports.INPUT_KEEP_SCAN_FILE = exports.INPUT_DEBUG = exports.INPUT_IGNORE_SCANNING_ERRORS = exports.INPUT_IGNORE_SYSTEM_ERRORS = exports.INPUT_FAIL_ON_POLICY_WARNINGS = exports.INPUT_MODULE_EXCLUDE = exports.INPUT_RESULT_FILE = exports.INPUT_STAGE = exports.INPUT_IQ_CLI_VERSION = exports.INPUT_SCAN_TARGETS = exports.INPUT_IQ_SERVER_URL = exports.INPUT_ORGANIZATION_ID = exports.INPUT_APPLICATION_ID = exports.INPUT_PASSWORD = exports.INPUT_USERNAME = void 0;
/*
* Copyright (c) 2023-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at https://links.sonatype.com/products/clm/attributions.
@@ -25028,6 +25028,8 @@ exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = 'exclude-maven-dependency-ma
exports.INPUT_SARIF_FILE = 'sarif-file';
exports.ENABLE_CALLFLOW = 'enable-callflow';
exports.CALLFLOW_NAMESPACES = 'callflow-namespaces';
exports.ENABLE_REACHABILITY = 'enable-reachability';
exports.REACHABILITY_NAMESPACES = 'reachability-namespaces';
exports.OUTPUT_SCAN_ID = 'scan-id';
exports.OUTPUT_REPORT_URL = 'report-url';
exports.OUTPUT_SARIF_FILE = 'sarif-file';
@@ -25086,7 +25088,7 @@ function getAndValidateParameters() {
const password = core.getInput(constants_1.INPUT_PASSWORD);
const applicationId = core.getInput(constants_1.INPUT_APPLICATION_ID);
const organizationId = core.getInput(constants_1.INPUT_ORGANIZATION_ID);
const iqServerUrl = core.getInput(constants_1.INPUT_IQ_SERVER_URL);
let iqServerUrl = core.getInput(constants_1.INPUT_IQ_SERVER_URL);
const scanTargets = core.getInput(constants_1.INPUT_SCAN_TARGETS);
const iqCliVersion = core.getInput(constants_1.INPUT_IQ_CLI_VERSION);
const stage = core.getInput(constants_1.INPUT_STAGE);
@@ -25104,6 +25106,8 @@ function getAndValidateParameters() {
let sarifFile = core.getInput(constants_1.INPUT_SARIF_FILE);
const enableCallflow = core.getBooleanInput(constants_1.ENABLE_CALLFLOW);
const callflowNamespaces = core.getInput(constants_1.CALLFLOW_NAMESPACES);
const enableReachability = core.getBooleanInput(constants_1.ENABLE_REACHABILITY);
const reachabilityNamespaces = core.getInput(constants_1.REACHABILITY_NAMESPACES);
const errorMessages = [];
const missingRequiredFields = [];
if (!username) {
@@ -25118,6 +25122,9 @@ function getAndValidateParameters() {
if (!iqServerUrl) {
missingRequiredFields.push(constants_1.INPUT_IQ_SERVER_URL);
}
if (iqServerUrl.endsWith('/')) {
iqServerUrl = iqServerUrl.substring(0, iqServerUrl.length - 1);
}
if (!applicationId) {
missingRequiredFields.push(constants_1.INPUT_APPLICATION_ID);
}
@@ -25167,7 +25174,9 @@ function getAndValidateParameters() {
excludeMavenDependencyManagement,
sarifFile,
enableCallflow,
callflowNamespaces
callflowNamespaces,
enableReachability,
reachabilityNamespaces
};
}
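Review bot: The trailing-slash normalisation in `getAndValidateParameters` runs after the `if (!iqServerUrl)` required-field check, so an input of just `/` passes that check and then becomes an empty string; it also strips only one slash, leaving `https://host//` as `https://host/`. Normalising at the point of reading keeps the check meaningful: `const iqServerUrl = core.getInput(constants_1.INPUT_IQ_SERVER_URL).replace(/\/+$/, '');`. Whether a later URL validation would catch the empty value is not visible, as the function continues outside these hunks. The identical hunk appears in the other bundle at `@@ -116161,6 +116175,9`, and since both are bundled output the change belongs in the TypeScript source they are built from.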


@@ -115933,11 +115933,21 @@ class CliCommandBuilder {
this.pushParameterAndValue(params, '-D excludeMavenDependencyManagement=true');
}
if (this.parameters.enableCallflow) {
this.pushParameterAndValue(params, '-c');
console.warn('The callflow parameter has been deprecated and it will be removed in a future version. Please ' +
'refer to the new reachability configuration, which is replacing the existing callflow configuration.');
}
if (this.parameters.enableCallflow || this.parameters.enableReachability) {
this.pushParameterAndValue(params, '-ra');
if ('' !== this.parameters.callflowNamespaces.trim()) {
const namespaces = this.parameters.callflowNamespaces.trim().split(spaces);
for (const namespace of namespaces) {
this.pushParameterAndValue(params, '-cn', namespace.trim());
this.pushParameterAndValue(params, '-rn', namespace.trim());
}
}
if ('' !== this.parameters.reachabilityNamespaces.trim()) {
const namespaces = this.parameters.reachabilityNamespaces.trim().split(spaces);
for (const namespace of namespaces) {
this.pushParameterAndValue(params, '-rn', namespace.trim());
}
}
}
@@ -115983,7 +115993,7 @@ exports["default"] = CliCommandBuilder;
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.API_V2_RESOURCE_PATH = exports.DEFAULT_SARIF_FILE = exports.CLI_PARAMS_FILE = exports.TEMP_RESULT_FILE = exports.WORKING_DIR = exports.IQ_CLI_JAR = exports.OUTPUT_SCAN_FILE_PATH = exports.OUTPUT_SARIF_FILE_PATH = exports.OUTPUT_RESULT_FILE_PATH = exports.OUTPUT_SARIF_FILE = exports.OUTPUT_REPORT_URL = exports.OUTPUT_SCAN_ID = exports.CALLFLOW_NAMESPACES = exports.ENABLE_CALLFLOW = exports.INPUT_SARIF_FILE = exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = exports.INPUT_INCLUDE_SHA_256 = exports.INPUT_PROXY_USER = exports.INPUT_PROXY = exports.INPUT_KEEP_SCAN_FILE = exports.INPUT_DEBUG = exports.INPUT_IGNORE_SCANNING_ERRORS = exports.INPUT_IGNORE_SYSTEM_ERRORS = exports.INPUT_FAIL_ON_POLICY_WARNINGS = exports.INPUT_MODULE_EXCLUDE = exports.INPUT_RESULT_FILE = exports.INPUT_STAGE = exports.INPUT_IQ_CLI_VERSION = exports.INPUT_SCAN_TARGETS = exports.INPUT_IQ_SERVER_URL = exports.INPUT_ORGANIZATION_ID = exports.INPUT_APPLICATION_ID = exports.INPUT_PASSWORD = exports.INPUT_USERNAME = void 0;
exports.API_V2_RESOURCE_PATH = exports.DEFAULT_SARIF_FILE = exports.CLI_PARAMS_FILE = exports.TEMP_RESULT_FILE = exports.WORKING_DIR = exports.IQ_CLI_JAR = exports.OUTPUT_SCAN_FILE_PATH = exports.OUTPUT_SARIF_FILE_PATH = exports.OUTPUT_RESULT_FILE_PATH = exports.OUTPUT_SARIF_FILE = exports.OUTPUT_REPORT_URL = exports.OUTPUT_SCAN_ID = exports.REACHABILITY_NAMESPACES = exports.ENABLE_REACHABILITY = exports.CALLFLOW_NAMESPACES = exports.ENABLE_CALLFLOW = exports.INPUT_SARIF_FILE = exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = exports.INPUT_INCLUDE_SHA_256 = exports.INPUT_PROXY_USER = exports.INPUT_PROXY = exports.INPUT_KEEP_SCAN_FILE = exports.INPUT_DEBUG = exports.INPUT_IGNORE_SCANNING_ERRORS = exports.INPUT_IGNORE_SYSTEM_ERRORS = exports.INPUT_FAIL_ON_POLICY_WARNINGS = exports.INPUT_MODULE_EXCLUDE = exports.INPUT_RESULT_FILE = exports.INPUT_STAGE = exports.INPUT_IQ_CLI_VERSION = exports.INPUT_SCAN_TARGETS = exports.INPUT_IQ_SERVER_URL = exports.INPUT_ORGANIZATION_ID = exports.INPUT_APPLICATION_ID = exports.INPUT_PASSWORD = exports.INPUT_USERNAME = void 0;
/*
* Copyright (c) 2023-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at https://links.sonatype.com/products/clm/attributions.
@@ -116011,6 +116021,8 @@ exports.INPUT_EXCLUDE_MAVEN_DEPENDENCY_MANAGEMENT = 'exclude-maven-dependency-ma
exports.INPUT_SARIF_FILE = 'sarif-file';
exports.ENABLE_CALLFLOW = 'enable-callflow';
exports.CALLFLOW_NAMESPACES = 'callflow-namespaces';
exports.ENABLE_REACHABILITY = 'enable-reachability';
exports.REACHABILITY_NAMESPACES = 'reachability-namespaces';
exports.OUTPUT_SCAN_ID = 'scan-id';
exports.OUTPUT_REPORT_URL = 'report-url';
exports.OUTPUT_SARIF_FILE = 'sarif-file';
@@ -116129,7 +116141,7 @@ function getAndValidateParameters() {
const password = core.getInput(constants_1.INPUT_PASSWORD);
const applicationId = core.getInput(constants_1.INPUT_APPLICATION_ID);
const organizationId = core.getInput(constants_1.INPUT_ORGANIZATION_ID);
const iqServerUrl = core.getInput(constants_1.INPUT_IQ_SERVER_URL);
let iqServerUrl = core.getInput(constants_1.INPUT_IQ_SERVER_URL);
const scanTargets = core.getInput(constants_1.INPUT_SCAN_TARGETS);
const iqCliVersion = core.getInput(constants_1.INPUT_IQ_CLI_VERSION);
const stage = core.getInput(constants_1.INPUT_STAGE);
@@ -116147,6 +116159,8 @@ function getAndValidateParameters() {
let sarifFile = core.getInput(constants_1.INPUT_SARIF_FILE);
const enableCallflow = core.getBooleanInput(constants_1.ENABLE_CALLFLOW);
const callflowNamespaces = core.getInput(constants_1.CALLFLOW_NAMESPACES);
const enableReachability = core.getBooleanInput(constants_1.ENABLE_REACHABILITY);
const reachabilityNamespaces = core.getInput(constants_1.REACHABILITY_NAMESPACES);
const errorMessages = [];
const missingRequiredFields = [];
if (!username) {
@@ -116161,6 +116175,9 @@ function getAndValidateParameters() {
if (!iqServerUrl) {
missingRequiredFields.push(constants_1.INPUT_IQ_SERVER_URL);
}
if (iqServerUrl.endsWith('/')) {
iqServerUrl = iqServerUrl.substring(0, iqServerUrl.length - 1);
}
if (!applicationId) {
missingRequiredFields.push(constants_1.INPUT_APPLICATION_ID);
}
@@ -116210,7 +116227,9 @@ function getAndValidateParameters() {
excludeMavenDependencyManagement,
sarifFile,
enableCallflow,
callflowNamespaces
callflowNamespaces,
enableReachability,
reachabilityNamespaces
};
}
@@ -141054,7 +141073,7 @@ module.exports = JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45,46],"valid"]
/***/ ((module) => {
"use strict";
module.exports = JSON.parse('{"name":"run-iq-cli","description":"GitHub Action to run IQ cli","version":"1.3.1","author":"sonatype","private":true,"homepage":"https://github.com/sonatype/actions/run-iq-cli","repository":{"type":"git","url":"git+https://github.com/sonatype/actions/run-iq-cli.git"},"bugs":{"url":"https://github.com/sonatype/actions/run-iq-cli/issues"},"keywords":["actions","node","setup"],"exports":{".":"./dist/index.js"},"engines":{"node":">=20"},"scripts":{"bundle":"npm run format:write && npm run package","ci-test":"npx jest","coverage":"npx make-coverage-badge --output-path ./badges/coverage.svg","format:write":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --write .","format:check":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --check .","lint":"npx eslint . -c ../.github/linters/.eslintrc.yml --ignore-path ../.eslintignore","package":"npx ncc build src/index.ts -o dist/main --license licenses.txt && npx ncc build src/cleanup.ts -o dist/cleanup --license licenses.txt","package:watch":"npm run package -- --watch","test":"npx jest","all":"npm run format:write && npm run lint && npm run test && npm run coverage && npm run package"},"license":"SEE LICENSE IN LICENSE","jest":{"preset":"ts-jest","verbose":true,"clearMocks":true,"testEnvironment":"node","moduleFileExtensions":["js","ts"],"testMatch":["**/*.test.ts"],"testPathIgnorePatterns":["/node_modules/","/dist/"],"transform":{"^.+\\\\.ts$":"ts-jest"},"coverageReporters":["json-summary","text","lcov"],"collectCoverage":true,"collectCoverageFrom":["./src/**"],"reporters":["default",["jest-junit",{"suiteName":"run-iq-cli unit tests","titleTemplate":"{title}","outputName":"run-iq-cli-test-results.xml","ancestorSeparator":" > "}]]},"dependencies":{"@actions/artifact":"^2.1.7","@actions/exec":"^1.1.1","@actions/glob":"^0.4.0","@actions/tool-cache":"^2.0.1","axios":"^1.7.7","semver":"^7.6.3"}}');
module.exports = JSON.parse('{"name":"run-iq-cli","description":"GitHub Action to run IQ cli","version":"1.4.0","author":"sonatype","private":true,"homepage":"https://github.com/sonatype/actions/run-iq-cli","repository":{"type":"git","url":"git+https://github.com/sonatype/actions/run-iq-cli.git"},"bugs":{"url":"https://github.com/sonatype/actions/run-iq-cli/issues"},"keywords":["actions","node","setup"],"exports":{".":"./dist/index.js"},"engines":{"node":">=20"},"scripts":{"bundle":"npm run format:write && npm run package","ci-test":"npx jest","coverage":"npx make-coverage-badge --output-path ./badges/coverage.svg","format:write":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --write .","format:check":"npx prettier --config ../.prettierrc.json --ignore-path ../.prettierignore --check .","lint":"npx eslint . -c ../.github/linters/.eslintrc.yml --ignore-path ../.eslintignore","package":"npx ncc build src/index.ts -o dist/main --license licenses.txt && npx ncc build src/cleanup.ts -o dist/cleanup --license licenses.txt","package:watch":"npm run package -- --watch","test":"npx jest","all":"npm run format:write && npm run lint && npm run test && npm run coverage && npm run package"},"license":"SEE LICENSE IN LICENSE","jest":{"preset":"ts-jest","verbose":true,"clearMocks":true,"testEnvironment":"node","moduleFileExtensions":["js","ts"],"testMatch":["**/*.test.ts"],"testPathIgnorePatterns":["/node_modules/","/dist/"],"transform":{"^.+\\\\.ts$":"ts-jest"},"coverageReporters":["json-summary","text","lcov"],"collectCoverage":true,"collectCoverageFrom":["./src/**"],"reporters":["default",["jest-junit",{"suiteName":"run-iq-cli unit tests","titleTemplate":"{title}","outputName":"run-iq-cli-test-results.xml","ancestorSeparator":" > "}]]},"dependencies":{"@actions/artifact":"^2.1.7","@actions/exec":"^1.1.1","@actions/glob":"^0.4.0","@actions/tool-cache":"^2.0.1","axios":"^1.7.7","semver":"^7.6.3"}}');
/***/ })
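Review bot: In the `CliCommandBuilder` hunk the deprecation warning is tied to `enableCallflow` alone and is written with `console.warn`, so a workflow that sets `enable-reachability` but still passes `callflow-namespaces` has those namespaces forwarded as `-rn` with no notice, and when the warning does fire it appears only as a plain line in the step log. Widening the condition to `if (this.parameters.enableCallflow || '' !== this.parameters.callflowNamespaces.trim())` and emitting through `core.warning(...)` from `@actions/core` would surface it as an annotation; whether `core` is imported in the builder's module is not visible here. The two namespace loops are otherwise identical and could share one pass over both inputs, which would also avoid emitting the same `-rn` value twice when both are set. The method's body starts and ends outside the hunk.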


@@ -31343,7 +31343,7 @@ exports.IQ_CLI_JAR = 'sonatype-iq-cli.jar';
exports.IQ_VERSION_TO_COMPLETE = '1.{iq-cli-version}.0-01';
exports.DOWNLOAD_URL = 'https://download.sonatype.com/clm/scanner/nexus-iq-cli-{iq-cli-version}.jar';
exports.MINIMUM_SUPPORTED_IQ_VERSION = 137;
exports.LATEST_IQ_CLI_VERSION = '2.3.0-02'; // This should be updated to the latest IQ CLI version with each release
exports.LATEST_IQ_CLI_VERSION = '2.4.0-01'; // This should be updated to the latest IQ CLI version with each release
exports.IQ_CLI_VERSION = 'iq-cli-version';
exports.IQ_CLI_DOWNLOAD_URL = 'iq-cli-download-url';