Fetch Github dependabot vulnerabilities from GraphQL API and report results as JSON.

MTES-MCT/dependabotalerts-action

dependabotalerts-action

GitHub Action that fetches GitHub Dependabot security alerts for one or more repositories and reports the results as JSON.

Usage

First, store a read-only token for your repositories in the repository secrets as DEPENDABOTALERTS_TOKEN; the token must be allowed to read Dependabot alerts for every repository listed.

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: "MTES-MCT/dependabotalerts-action@main"
        with:
          token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
          repositories: 'MTES-MCT/dashlord,MTES-MCT/dependabotalerts-action'
          maxAlerts: 20
          states: "OPEN,DISMISSED"
          output: dependabotalerts.json
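As an added example (not the action's own source), the following shows how an action like this can turn the inputs above into one GraphQL request per repository and flatten each response into JSON rows. The query shape follows GitHub's public GraphQL schema for Repository.vulnerabilityAlerts; how the real action builds its query and output format is an assumption here, and the response is a constructed sample so it runs offline.

```javascript
// Added example, not the action's own code. The query follows GitHub's public
// GraphQL schema (Repository.vulnerabilityAlerts); the request/report shape
// used by the real action is an assumption.
const ALERT_QUERY = `query($owner: String!, $name: String!, $first: Int!,
                           $states: [RepositoryVulnerabilityAlertState!]) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: $first, states: $states) {
      nodes {
        state createdAt vulnerableManifestPath
        securityVulnerability {
          severity package { ecosystem name } advisory { ghsaId summary }
        }
      }
    }
  }
}`;

// Map the action inputs (repositories, states, maxAlerts) to one request per repo.
function buildRequests({ repositories, states, maxAlerts }) {
  const stateList = states.split(",").map((s) => s.trim()).filter(Boolean);
  return repositories.split(",").map((full) => {
    const [owner, name] = full.trim().split("/");
    if (!owner || !name) throw new Error(`invalid repository: ${full}`);
    return { query: ALERT_QUERY, variables: { owner, name, first: maxAlerts, states: stateList } };
  });
}

// Flatten one repository's GraphQL response into report rows; a repository the
// token cannot see (null data) yields no rows instead of a crash.
function toReport(repoFullName, response) {
  const nodes = response?.data?.repository?.vulnerabilityAlerts?.nodes ?? [];
  return nodes.map(({ state, createdAt, vulnerableManifestPath, securityVulnerability: v }) => ({
    repository: repoFullName, state, createdAt, manifest: vulnerableManifestPath,
    severity: v.severity, package: `${v.package.ecosystem}:${v.package.name}`,
    advisory: v.advisory.ghsaId, summary: v.advisory.summary,
  }));
}

// Constructed sample response (not real alert data) so the example runs offline.
const SAMPLE_RESPONSE = { data: { repository: { vulnerabilityAlerts: { nodes: [
  { state: "OPEN", createdAt: "2024-01-02T00:00:00Z", vulnerableManifestPath: "package-lock.json",
    securityVulnerability: { severity: "HIGH", package: { ecosystem: "NPM", name: "sample-pkg" },
      advisory: { ghsaId: "GHSA-0000-0000-0000", summary: "constructed sample advisory" } } },
  { state: "DISMISSED", createdAt: "2024-01-03T00:00:00Z", vulnerableManifestPath: "package-lock.json",
    securityVulnerability: { severity: "LOW", package: { ecosystem: "NPM", name: "other-pkg" },
      advisory: { ghsaId: "GHSA-1111-1111-1111", summary: "constructed sample advisory" } } },
] } } } };
```

Each request would be POSTed to the GraphQL endpoint with the token as a bearer credential, and the rows from all repositories concatenated into the `output` file.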

Hacking

To test locally, install act, put DEPENDABOTALERTS_TOKEN=*** in a .secrets file, then launch:

npm run all
act -j units # unit tests
act -j action # test Github action locally
