Giters

revolunet / dependabotalerts-action

Fetch Github dependabot vulnerabilities from GraphQL API and report results as JSON.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

dependabotalerts-action

units-test

Github action that fetches Github dependabot security alerts and report results as JSON.

Usage

First, you need to store your repository read-only token in repo secrets as DEPENDABOTALERTS_TOKEN.

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: "MTES-MCT/dependabotalerts-action@main"
        with:
          token: ${{ secrets.DEPENDABOTALERTS_TOKEN }}
          repositories: 'MTES-MCT/dashlord,MTES-MCT/dependabotalerts-action'
          output: dependabotalerts.json

Hacking

To test locally, install act. Put secrets DEPENDABOTALERTS_TOKEN=*** in .secrets file. Launch:

npm run all
act -j test

About

Fetch Github dependabot vulnerabilities from GraphQL API and report results as JSON.

License:MIT License

Languages

Language:JavaScript 100.0%