diff --git a/action.yml b/action.yml
index 1b9ab39..fc3e632 100644
--- a/action.yml
+++ b/action.yml
@@ -69,6 +69,9 @@ inputs:
 offline:
 description: 'Skip all CodeCargo API communication (audit upload and policy fetch)'
 default: 'false'
+ job-id:
+ description: 'The check run ID of the current job (populated from the workflow context by default; override if needed)'
+ default: ${{ job.check_run_id }}
 outputs:
 supported:
diff --git a/dist/main/index.js b/dist/main/index.js
index d9c0c66..670f22f 100644
--- a/dist/main/index.js
+++ b/dist/main/index.js
@@ -21513,7 +21513,7 @@ var os6 = __toESM(require("os")); var path4 = __toESM(require("path")); var INSTALL_DIR = "/usr/local/bin"; var BINARY_NAME = "cargowall"; -var CARGOWALL_VERSION = "v1.0.0"; +var CARGOWALL_VERSION = "v1.0.1"; async function setup() { const failOnUnsupported = getInput("fail-on-unsupported") === "true"; const binaryPath = getInput("binary-path");
@@ -25886,6 +25886,8 @@ async function start() { if (githubServiceHosts) info(` GitHub service hosts: ${githubServiceHosts}`); if (azureInfraHosts) info(` Azure infra hosts: ${azureInfraHosts}`); if (configFile) info(` Config file: ${configFile}`); + const jobId = getInput("job-id"); + if (jobId) info(` Job run ID: ${jobId}`); info(` Sudo lockdown: ${sudoLockdown}`); info(` DNS upstream: ${dnsUpstream}`); try {
diff --git a/dist/post/index.js b/dist/post/index.js
index d7820c1..cc793ff 100644
--- a/dist/post/index.js
+++ b/dist/post/index.js
@@ -25407,6 +25407,10 @@ async function generateSummary() { summaryArgs.push("--api-url", apiUrl); summaryArgs.push("--job-key", context2.job); summaryArgs.push("--job-name", currentJobName); + const jobId = getInput("job-id"); + if (jobId) { + summaryArgs.push("--job-run-id", jobId); + } let effectiveMode = getInput("mode") || "enforce"; try { const modeFromFile = (await import_fs6.promises.readFile("/tmp/cargowall-mode", "utf8")).trim();
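Review bot: The new `job-id` input in action.yml defaults to `${{ job.check_run_id }}`, but its description does not say what happens when that expression resolves to an empty string. The readers in src/start.ts and src/summary.ts both skip an empty value, so on a runner that does not populate `job.check_run_id` (worth confirming for the runner and GHES versions you support) the upload would silently go out without the check-run ID. I would document the fallback in the description, e.g. `description: 'Check run ID of the current job; defaults to job.check_run_id and is omitted from the upload when empty'`.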
@@ -25425,7 +25429,7 @@ async function generateSummary() { warning( `Failed to get OIDC token for API push. Ensure the workflow has "permissions: id-token: write". Error: ${error}` ); - for (const flag of ["--api-url", "--job-key", "--job-name", "--mode", "--default-action", "--job-status"]) { + for (const flag of ["--api-url", "--job-key", "--job-name", "--job-run-id", "--mode", "--default-action", "--job-status"]) { const idx = summaryArgs.findIndex((a) => a === flag); if (idx !== -1) summaryArgs.splice(idx, 2); }
diff --git a/src/setup.ts b/src/setup.ts
index 077ddf5..b99aaaf 100644
--- a/src/setup.ts
+++ b/src/setup.ts
@@ -7,7 +7,7 @@ import * as path from 'path'
 const INSTALL_DIR = '/usr/local/bin'
 const BINARY_NAME = 'cargowall'
-const CARGOWALL_VERSION = 'v1.0.0'
+const CARGOWALL_VERSION = 'v1.0.1'
 export async function setup(): Promise {
 const failOnUnsupported = core.getInput('fail-on-unsupported') === 'true'
diff --git a/src/start.ts b/src/start.ts
index 73588e2..677857c 100644
--- a/src/start.ts
+++ b/src/start.ts
@@ -170,6 +170,8 @@ export async function start(): Promise<{ supported: boolean; pid: number | null
 if (githubServiceHosts) core.info(` GitHub service hosts: ${githubServiceHosts}`)
 if (azureInfraHosts) core.info(` Azure infra hosts: ${azureInfraHosts}`)
 if (configFile) core.info(` Config file: ${configFile}`)
+ const jobId = core.getInput('job-id')
+ if (jobId) core.info(` Job run ID: ${jobId}`)
 core.info(` Sudo lockdown: ${sudoLockdown}`)
 core.info(` DNS upstream: ${dnsUpstream}`)
diff --git a/src/summary.ts b/src/summary.ts
index 47baf72..e6fa3c2 100644
--- a/src/summary.ts
+++ b/src/summary.ts
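Review bot: The log label added in the src/start.ts hunk, `Job run ID`, is a third name for one value: the input is `job-id`, its description calls it a check run ID, and the binary flag is `--job-run-id`. Anyone matching a log line against an audit record has to know these are the same thing, so I would change the label to `Check run ID` or settle on one term across the input, the flag and the log. The value is echoed exactly as supplied, so an overridden `job-id` appears in the log without any format check. start() begins and ends outside the hunk.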
@@ -128,6 +128,10 @@ export async function generateSummary(): Promise {
 summaryArgs.push('--api-url', apiUrl)
 summaryArgs.push('--job-key', github.context.job)
 summaryArgs.push('--job-name', currentJobName)
+ const jobId = core.getInput('job-id')
+ if (jobId) {
+ summaryArgs.push('--job-run-id', jobId)
+ }
 // Prefer the effective mode written by the Go binary (which may have
 // been overridden by the SaaS policy) over the static Action input.
@@ -156,7 +160,7 @@ export async function generateSummary(): Promise {
 `Failed to get OIDC token for API push. Ensure the workflow has "permissions: id-token: write". Error: ${error}`
 )
 // Remove API-related args so the binary doesn't attempt an unauthenticated push
- for (const flag of ['--api-url', '--job-key', '--job-name', '--mode', '--default-action', '--job-status']) {
+ for (const flag of ['--api-url', '--job-key', '--job-name', '--job-run-id', '--mode', '--default-action', '--job-status']) {
 const idx = summaryArgs.findIndex(a => a === flag)
 if (idx !== -1) summaryArgs.splice(idx, 2) // remove flag and its value
 }
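Review bot: `jobId` is pushed onto `--job-run-id` exactly as supplied, and because the `job-id` input can be overridden in the workflow, any string can reach the binary and, presumably, the uploaded audit record. If the backend uses this ID to attach audit data to a check run, a wrong or foreign ID would mis-attribute that data, so the value should not be accepted on the client's word alone. At minimum reject non-numeric input here, e.g. `if (jobId && !/^\d+$/.test(jobId)) core.warning('Ignoring non-numeric job-id input')` followed by `else if (jobId) summaryArgs.push('--job-run-id', jobId)`, and have the API cross-check the ID against the OIDC token where its claims allow. generateSummary's body continues outside the hunk.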
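Review bot: The strip list in the OIDC-failure branch has to be edited by hand whenever an API-bound flag is added, as this change does for `--job-run-id`; a flag missed here would still be handed to the binary after the token fetch failed. The lookup `findIndex(a => a === flag)` also matches values as well as flags, so a job name equal to one of these strings (`--job-name` carries `currentJobName`) would make `splice(idx, 2)` remove the wrong pair. Collecting the API arguments in their own array, `const apiArgs: string[] = []`, and calling `summaryArgs.push(...apiArgs)` only once the token has been obtained would remove both problems and the loop with them. The branch begins and ends outside the hunk.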