dependabotalerts-action

Github action that fetches Github dependabot security alerts and report results as JSON.

Usage

First, you need to store your repository read-only token in repo secrets as DEPENDABOTALERTS_TOKEN.

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: "MTES-MCT/dependabotalerts-action@main"
        with:
          token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
          repositories: 'MTES-MCT/dashlord,MTES-MCT/dependabotalerts-action'
          maxAlerts: 20
          output: dependabotalerts.json

Hacking

To test locally, install act. Put secrets DEPENDABOTALERTS_TOKEN=*** in .secrets file. Launch:

npm run all
act -j units # unit tests
act -j action # test Github action locally

Name		Name	Last commit message	Last commit date
Latest commit History 23 Commits
.github/workflows		.github/workflows
dist		dist
src		src
.eslintignore		.eslintignore
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

dependabotalerts-action

Usage

Hacking

About

Releases

Packages

Languages

License

zhouzi/dependabotalerts-action

Folders and files

Latest commit

History

Repository files navigation

dependabotalerts-action

Usage

Hacking

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages