Project Ideas VulnerableCode ScanCode Toolkit GitHub Action
Philippe Ombredanne edited this page Mar 1, 2022
This project requires a public instance of VulnerableCode.
The goal is to create a GitHub action that would:
- scan the codebase for packages using SBOM tools like ScanCode-toolkit to collect purls
- verify whether each of the packages is vulnerable in VulnerableCode
- report these results and fail if there is a vulnerable package detected.
This requires code that can carry out each of these steps correctly. Ultimately the action could be registered with GitHub for easy use in a workflow.
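A minimal sketch of the three steps above, added here as an illustration and not code from the VulnerableCode or ScanCode projects: it extracts purls from a constructed ScanCode-style JSON scan, looks them up through a pluggable `query` function (an offline stand-in here; in the real action this is where the HTTP call to the VulnerableCode instance goes), and returns a non-zero exit status when any package is reported as affected. The JSON layouts and the `affected_by_vulnerabilities` field name are assumptions to check against the live tools.

```python
import json
import sys
from typing import Callable, Dict, List

# Constructed sample in the shape of ScanCode-toolkit JSON output (assumed:
# purls under files[].package_data[] in recent releases, files[].packages[] in older ones).
SCANCODE_JSON = json.dumps({
    "files": [
        {"path": "requirements.txt",
         "package_data": [{"purl": "pkg:pypi/django@3.2.0"}]},
        {"path": "package.json",
         "packages": [{"purl": "pkg:npm/lodash@4.17.21"}, {"purl": None}]},
    ]
})

def extract_purls(scan_json: str) -> List[str]:
    """Step 1: collect distinct package URLs from a ScanCode JSON scan, in order."""
    seen, purls = set(), []
    for f in json.loads(scan_json).get("files", []):
        for pkg in f.get("package_data", []) + f.get("packages", []):
            purl = pkg.get("purl")
            if purl and purl not in seen:
                seen.add(purl)
                purls.append(purl)
    return purls

def check_vulnerable(purls: List[str],
                     query: Callable[[List[str]], List[Dict]]) -> Dict[str, List[str]]:
    """Step 2: return {purl: [vulnerability ids]} for every purl reported as affected.
    Assumed response shape: one object per purl with an 'affected_by_vulnerabilities' list."""
    findings = {}
    for pkg in query(purls):
        vulns = [v.get("vulnerability_id", "?") for v in pkg.get("affected_by_vulnerabilities", [])]
        if vulns:
            findings[pkg["purl"]] = vulns
    return findings

def fake_query(purls: List[str]) -> List[Dict]:
    """Offline stand-in for the VulnerableCode lookup (constructed data, hypothetical ids)."""
    return [{"purl": p, "affected_by_vulnerabilities":
             [{"vulnerability_id": "VCID-example-0001"}] if p.startswith("pkg:pypi/django") else []}
            for p in purls]

def run(scan_json: str, query: Callable = fake_query) -> int:
    """Step 3: print findings and return 1 (failing the workflow step) if any package is vulnerable."""
    findings = check_vulnerable(extract_purls(scan_json), query)
    for purl, ids in findings.items():
        print(f"VULNERABLE {purl}: {', '.join(ids)}")
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(run(SCANCODE_JSON))
```

Swapping `fake_query` for a function that posts the purl list to the VulnerableCode instance is the only change needed to turn this into the real check.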