Onboard Contrast SCA

[contrast-security-sca]

The installation of the GitHub App from Contrast Security automatically created this PR.

This PR automates the security analysis of dependencies so that vulnerabilities can be detected and resolved during code review rather than after detection or exploitation in testing or production environments.

What’s New

You will now find a workflow file in the repository that leverages GitHub Actions from Contrast Security.

• These Actions run a fingerprint step to detect relevant project manifests (for example, pom.xml and package.json files) and contain audit steps to analyze each of those manifests to detect the vulnerabilities.
• Any commits to the default branch and PRs created to merge into the default branch will trigger the workflow file. In addition, you can manually trigger the workflow.
• If the workflow is triggered by the creation or update of a PR, a status check is added. The status check will be a green check mark ✅ to indicate no critical vulnerable dependencies found or a red cross mark ❌ otherwise.

Secrets and variables

The GitHub App creates repository secrets and Actions variables for use in the workflow so results are sent to the correct Contrast account. Closing this PR will require these secrets and variables to be manually deleted. However, performing the delete operation on the integration for this repository from the Contrast portal will automatically close this PR and remove the secrets and variables.