Issued: December 11, 2025
To ensure uninterrupted scanning operations and to deliver the latest security patches and stability improvements, we are updating our guidance for support versions of the Contrast Scan GitHub Action and the Local Scan Runner.
What's changing?
We have identified that some pipelines are pinned to older, unsupported versions of our scanner (such as v1.0.0). We are updating our guidance to ensure all customers are using the latest stable major versions.
Versions such as v1.0.0 are no longer supported. Please update to use the new @v1 tag. This tag will automatically pull the latest updates (v1.x.x) without breaking your build. This ensures your application security scans are accurate and reliable.
If customers are still using unsupported version as of January 1, 2026, these scans may no longer function as desired.
What does this mean for you?
-
If you use the Contrast Scan GitHub Action
Update your workflow YAML to reference the latest scanner automatically:
- uses: Contrast-Security-OSS/contrast-local-scan-action@v1.0.0 + uses: Contrast-Security-OSS/contrast-local-scan-action@v1 -
If you use the Contrast Scan Local Runner (Direct Execution)
If you invoke the local runner directly (e.g., via a shell script or a different CI tool):- Ensure you are not downloading or executing a specific deprecated version (e.g.,
local-scan-runner-1.0.0.jar) - Update your scripts to fetch the latest available release to ensure ongoing support and security accuracy.
- Ensure you are not downloading or executing a specific deprecated version (e.g.,
For additional information about our support policy, check our Support Reference Guide. If you have any questions, concerns, or would like to discuss this issue further, please don't hesitate to reach out to us at support@contrastsecurity.com.