Automated software composition analysis at scale

This GitHub App allows technical leads and security engineers to get visibility quickly into the security risks from known vulnerabilities in dependencies used across their entire application portfolio.

The App will set up the GitHub Action for Contrast SCA across all of the repositories to which you grant it access. This entails committing to the default branch a workflow file with the Action configured via secrets. If the default branch is protected, then a PR will be created to request a merge.

Any commits to the default branch or attempts to merge into the default branch will trigger the workflow. Results will be available as PR status checks, in the Actions logs, and in the Contrast web interface.

Note that you must be an Admin on at least one of the repositories in the GitHub organization on which you wish to install. Note that you must also have a Contrast account to complete the installation of this App, and the account's role must be Org Editor at minimum.

See Contrast Documentation for more details. You can also email support@contrastsecurity.com for any assistance.