Skip to content
This repository has been archived by the owner on Feb 23, 2024. It is now read-only.

atomist-skills/owasp-dependency-check-skill

Repository files navigation

atomist/owasp-dependency-check

Scan projects using OWasp Dependency Check.

By default, detect pushes to repositories containing scannable projects. Scan the project dependencies and create a GitHub CheckRun with the scan results.

image

This creates consistent checks across all scannable repos.

Model

model

Transact the evidence, which can be package url, or CPE based, that a project depends on some open source library. We also track the current mappings of CPEs, and package urls, to vulnerabilities. Although this changes over time. Our vulnerability risk assessment changes over time.

We also transact a discovery event when we've finished scanning a project a repo.

Prerequisistes

  • GitHub app installation - we need an authorized installation to create check runs and to clone head commits that need scanning.
  • File indexer Skill - this skill activates when we discover certain kinds of project files in repos
  • Maven capability - scanning relies on credentials for private registries
  • NVD mirror - maintain a synchronized db of NVD

Created by Atomist. Need Help? Join our Slack workspace.