
GitHub Action

dep-scan

v4 Latest version

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities and advisories

Installation

Copy and paste the following snippet into your .yml file.

- name: dep-scan
  uses: AppThreat/dep-scan-action@v4

Learn more about this action in AppThreat/dep-scan-action

Introduction

This action wraps dep-scan, a fully open-source security audit tool for project dependencies based on known vulnerabilities and advisories. The output is fully compatible with grafeas.

Usage

With minimal configuration

- uses: AppThreat/dep-scan-action@master
  env:
    VDB_HOME: ${{ github.workspace }}/db
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Upload reports to build artifacts

- uses: AppThreat/dep-scan-action@master
  env:
    VDB_HOME: ${{ github.workspace }}/db
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/upload-artifact@v1
  with:
    name: reports
    path: reports
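
The step fragments above placed in a complete workflow file, as an added example that is not part of the original page or the project's own documentation. It pins the action to the v4 tag from the installation snippet rather than the mutable master branch. The workflow name, triggers, runner, checkout step, read-only permissions, `if: always()` condition and the actions/checkout@v4 and actions/upload-artifact@v4 versions are assumptions.

```yaml
# Added example (assumed location: .github/workflows/dep-scan.yml)
name: dep-scan

on:
  push:
    branches: [main]   # assumed default branch name
  pull_request:

# Assumption: read-only repository access is sufficient for the scan.
# Declaring it here limits what the GITHUB_TOKEN passed below can do.
permissions:
  contents: read

jobs:
  dep-scan:
    runs-on: ubuntu-latest
    steps:
      # The project's manifests and lock files must be in the workspace
      # before the dependency audit runs.
      - uses: actions/checkout@v4

      - name: dep-scan
        # Tag taken from the installation snippet; a tag or commit SHA
        # changes less often than a branch such as master.
        uses: AppThreat/dep-scan-action@v4
        env:
          VDB_HOME: ${{ github.workspace }}/db
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload reports
        # Keep the reports even if an earlier step failed.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: reports
          path: reports
```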