
feat: add min_level input to filter ZAP scan alerts by severity #118

Open

Yash7256 wants to merge 1 commit into zaproxy:master from Yash7256:feature/add-min-level-input

Conversation


Yash7256 commented Mar 16, 2026

Summary

Adds a new min_level input that allows users to filter ZAP scan alerts
by minimum severity level, reducing noise in GitHub issues created by the action.

Problem

#9

Currently the action reports ALL alert levels including INFO and LOW findings.
This floods issue trackers with low-priority noise and makes it harder to focus
on critical vulnerabilities. Users have no way to say "only report WARN and above."

Solution

The underlying zap-full-scan.py already supports a -l flag for minimum alert
level. This PR exposes that flag as a new optional min_level input and wires
it through to the ZAP Docker command.

Changes

  • action.yml — added min_level input (optional, defaults to '')
  • index.js — reads input, validates against allowed levels, builds -l flag
  • dist/index.js — rebuilt bundle

Usage

- name: ZAP Full Scan
  uses: zaproxy/action-full-scan@v0.11.0
  with:
    target: 'https://example.com'
    min_level: 'WARN'  # Only create issues for WARN and FAIL alerts

Valid values

PASS, IGNORE, INFO, WARN, FAIL

Invalid values are ignored with a warning and the scan runs without the -l flag,
preserving existing behaviour.

Testing

Validation logic tested locally:

  • WARN → -l WARN appended to command
  • fail → -l FAIL (uppercased correctly)
  • HIGH → warning logged, flag ignored
  • invalid → warning logged, flag ignored
  • '' → no flag added, existing behaviour preserved
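The input handling the PR describes, written out as an added example rather than the PR's own index.js: the allowed-level list and the five cases from the test list above are taken from the description, while the command shape (`zap-full-scan.py -t <target>`) and the use of a returned warnings array in place of the action's real logging call are assumptions.

```javascript
// Added example, not the action's index.js. Mirrors the min_level handling
// described in the PR: uppercase the input, accept only the levels
// zap-full-scan.py knows, append "-l <LEVEL>" when valid, otherwise warn and
// keep the existing behaviour (no -l flag at all).
const ALLOWED_LEVELS = ['PASS', 'IGNORE', 'INFO', 'WARN', 'FAIL'];

// Returns { args, warnings }: args is the extra argv to append to the ZAP
// command, warnings stands in for whatever the action uses to log (assumed).
function buildMinLevelArgs(minLevelInput) {
  const warnings = [];
  const raw = (minLevelInput || '').trim();

  // Empty input (the default) means the flag is simply not added.
  if (raw === '') {
    return { args: [], warnings };
  }

  // Case-insensitive match so 'fail' becomes 'FAIL'.
  const level = raw.toUpperCase();
  if (!ALLOWED_LEVELS.includes(level)) {
    warnings.push(
      `Ignoring invalid min_level '${raw}'; expected one of ${ALLOWED_LEVELS.join(', ')}`
    );
    return { args: [], warnings };
  }

  return { args: ['-l', level], warnings };
}

// Assembles the argv handed to the scan script inside the container. The
// "-t <target>" prefix is an assumed shape, not copied from the action.
function buildScanCommand(target, minLevelInput) {
  const { args, warnings } = buildMinLevelArgs(minLevelInput);
  const command = ['zap-full-scan.py', '-t', target, ...args];
  return { command, warnings };
}
```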

psiinon (Member) commented Mar 16, 2026

Checkmarx One – Scan Summary & Details 8bb0b39a-357f-4ac1-abfe-6d2e34d071f6

Great job! No new security vulnerabilities introduced in this pull request


thc202 (Member) commented Mar 16, 2026

See #9 (comment). You can also pass all the flags you need through cmdOptions.

Yash7256 (Author) commented

Thanks for the pointer! Understood, I missed that cmdOptions already covers this.
