OWASP Dependency Track Github Action

• This GitHub action enables the direct use of a Dependency Track OWASP instance to analyze the source code of our projects in a very convenient way, without requiring neither any human action nor additional service.
• When the code is uploaded or merged to a repository the action is triggered and the vulnerability analysis performed.
• The result is provided and can be used directly within the CD/CI process, for example to prevent users from pushing code with known vulnerabilities. Additionally it also checks the licenses of the added libraries.

Input(s):

• Source code of any programming code hosted in Github. DT OWASP instance URL and API key

Main feature(s):

• It creates a Bill of Materials (BoM) of the source code of a project, uploads it to a OWASP Dependency Track Instance and provides the result within the CI/CD cycle

Output(s):

• It provides a risk score derived from the library versions used in the project

It is required an DT OWASP deployed accessible from Internet with valid certificates.

Any developer

Open Source project, public action in Github, MIT license.