dependabotalerts-action
GitHub Action that fetches GitHub Dependabot security alerts for one or more repositories and reports the results as JSON.
Usage
First, store a token that can read Dependabot alerts for the listed repositories in the repository secrets as DEPENDABOTALERTS_TOKEN. Grant it read access only (for a fine-grained token, the repository "Dependabot alerts" read permission); do not reuse a broadly scoped personal token.

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: "MTES-MCT/dependabotalerts-action@main"
        with:
          token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
          repositories: 'MTES-MCT/dashlord,MTES-MCT/dependabotalerts-action'
          output: dependabotalerts.json

The snippet above references the action at @main; in a workflow you rely on, pin to a release tag or a full commit SHA instead so the action code cannot change underneath you. The output file (here dependabotalerts.json) is written in the job workspace and can be uploaded as an artifact or consumed by a later step.
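The action wraps the same call a practitioner would make by hand: GET /repos/{owner}/{repo}/dependabot/alerts, then a reduction of the alert objects into a JSON summary. The script below is an added example, not the action's own code, showing that call and the reduction in Node.js. It assumes Node.js 18+ (global fetch), a token in GITHUB_TOKEN with permission to read Dependabot alerts, a comma-separated REPOSITORIES variable mirroring the action's repositories input, and alert objects shaped like the public REST API's (number, state, security_advisory, security_vulnerability, dependency, html_url). The sample alerts are constructed, with placeholder GHSA IDs, so the summary part runs offline.

```javascript
// Added example (not the dependabotalerts-action code): fetch Dependabot
// alerts for a repository via the GitHub REST API and reduce them to JSON.
// Assumes Node.js 18+ (global fetch) and a token that can read Dependabot
// alerts. Field names follow the public API's alert object shape.

const API = "https://api.github.com";
const SEVERITIES = ["critical", "high", "medium", "low"];

// GET /repos/{owner}/{repo}/dependabot/alerts, following Link-header pagination.
async function fetchAlerts(repo, token, state = "open") {
  const alerts = [];
  let url = `${API}/repos/${repo}/dependabot/alerts?state=${state}&per_page=100`;
  while (url) {
    const res = await fetch(url, {
      headers: {
        Accept: "application/vnd.github+json",
        Authorization: `Bearer ${token}`,
        "X-GitHub-Api-Version": "2022-11-28",
      },
    });
    if (!res.ok) throw new Error(`${repo}: HTTP ${res.status}`);
    alerts.push(...(await res.json()));
    const next = /<([^>]+)>;\s*rel="next"/.exec(res.headers.get("link") || "");
    url = next ? next[1] : null;
  }
  return alerts;
}

// Keep only open alerts, count them by severity, and emit a compact record
// per alert sorted from critical to low.
function summarizeAlerts(repo, alerts) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const open = [];
  for (const a of alerts) {
    if (a.state !== "open") continue; // dismissed/fixed alerts are not reported
    const severity = a.security_advisory.severity;
    if (severity in counts) counts[severity] += 1;
    open.push({
      number: a.number,
      ghsa_id: a.security_advisory.ghsa_id,
      severity,
      package: a.security_vulnerability.package.name,
      ecosystem: a.security_vulnerability.package.ecosystem,
      manifest: a.dependency.manifest_path,
      url: a.html_url,
    });
  }
  open.sort((x, y) => SEVERITIES.indexOf(x.severity) - SEVERITIES.indexOf(y.severity));
  return { repository: repo, total_open: open.length, counts, alerts: open };
}

// Constructed sample in the API's alert shape; GHSA IDs are placeholders.
const SAMPLE_ALERTS = [
  { number: 1, state: "open", html_url: "https://github.com/example/repo/security/dependabot/1",
    security_advisory: { ghsa_id: "GHSA-xxxx-xxxx-xxx1", severity: "high" },
    security_vulnerability: { package: { ecosystem: "npm", name: "example-lib" } },
    dependency: { manifest_path: "package-lock.json" } },
  { number: 2, state: "open", html_url: "https://github.com/example/repo/security/dependabot/2",
    security_advisory: { ghsa_id: "GHSA-xxxx-xxxx-xxx2", severity: "critical" },
    security_vulnerability: { package: { ecosystem: "pip", name: "example-pkg" } },
    dependency: { manifest_path: "requirements.txt" } },
  { number: 3, state: "dismissed", html_url: "https://github.com/example/repo/security/dependabot/3",
    security_advisory: { ghsa_id: "GHSA-xxxx-xxxx-xxx3", severity: "medium" },
    security_vulnerability: { package: { ecosystem: "npm", name: "example-util" } },
    dependency: { manifest_path: "package-lock.json" } },
];

// Offline run on the constructed sample.
console.log(JSON.stringify(summarizeAlerts("MTES-MCT/dashlord", SAMPLE_ALERTS), null, 2));

// Live run when a token is present; REPOSITORIES mirrors the action's input.
if (process.env.GITHUB_TOKEN) {
  const repos = (process.env.REPOSITORIES || "").split(",").map((r) => r.trim()).filter(Boolean);
  Promise.all(repos.map(async (r) => summarizeAlerts(r, await fetchAlerts(r, process.env.GITHUB_TOKEN))))
    .then((out) => console.log(JSON.stringify(out, null, 2)))
    .catch((e) => { console.error(e.message); process.exitCode = 1; });
}
```

Run it with `GITHUB_TOKEN=... REPOSITORIES=MTES-MCT/dashlord node alerts.js` to hit the API; without a token it only prints the summary of the sample. The ordering by severity and the exclusion of dismissed alerts are choices made here for the example, not behaviour documented for the action.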
Hacking
To test locally, install act (https://github.com/nektos/act). Put the secret as DEPENDABOTALERTS_TOKEN=*** in a .secrets file, which act reads, and keep that file out of version control.
Launch:
npm run all
act -j test