This action uploads a software bill of materials (SBOM) file to a Dependency-Track server, waits for the analysis to finish, retrieves the vulnerability findings and, when the workflow was triggered by a pull request, posts them as a comment on the PR.
| Input | Required | Description |
|---|---|---|
| `serverHostBaseUrl` | Yes | Base URL of the Dependency-Track server. |
| `apikey` | Yes | Dependency-Track API key. Store it as a repository secret and pass it as `${{ secrets.<NAME> }}`; do not put it in the workflow file. |
| `projectname` | Yes | Project name in Dependency-Track. Example: the repository name. |
| `projectversion` | Yes | Project version in Dependency-Track. Example: the branch name of the PR, or the branch on which the push event was triggered. |
| `autocreate` | No | Automatically create the project and version in Dependency-Track if they do not exist. Default: `false`. |
| `bomFilePath` | Yes | Path and filename of the BOM, e.g. `bom.xml` if it is located in the repository root. |
| `timeoutInSecs` | Yes | Seconds to wait for the analysis after uploading the BOM. Recommended: `10`. |
| `prNumber` | Only for `on: pull_request` | Required when the workflow runs on `pull_request` and you want the results commented on the PR. If you do not need a PR comment, or the workflow only runs on `push`, this value can be omitted. Example: `${{ github.event.pull_request.number }}`. |
| Repository (input name not shown on this page) | No | The full name of the repository containing the issue or pull request. Default: `${{ github.repository }}`. |
| Token (input name not shown on this page) | No | `GITHUB_TOKEN` or a repo-scoped PAT. Default: `${{ github.token }}`. |
| `failOnSeverityLevel` | No | One of `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`. Example: with `MEDIUM`, any vulnerability of MEDIUM severity or above fails the check/task. If omitted, the check never fails on vulnerabilities found; the PR comment still lists all of them. |
Example step for a workflow triggered on `pull_request`, which uploads the BOM and comments the findings on the PR:

```yaml
- uses: neerajsu/[email protected]
  with:
    serverHostBaseUrl: 'https://dependency.server.url.company.com'
    apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
    projectname: 'some-project-repository'
    projectversion: 'feat/some-feature-branch'
    autocreate: 'true'
    bomFilePath: 'target/bom.xml'
    timeoutInSecs: '10'
    prNumber: ${{ github.event.pull_request.number }}
```
Example step for a workflow triggered on `push` to `main`, which fails the job on any CRITICAL finding and posts no PR comment:

```yaml
- uses: neerajsu/[email protected]
  with:
    serverHostBaseUrl: 'https://dependency.server.url.company.com'
    apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
    projectname: 'some-project-repository'
    projectversion: 'main'
    bomFilePath: 'target/bom.xml'
    timeoutInSecs: '10'
    failOnSeverityLevel: 'CRITICAL'
```
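The same upload, wait and severity-gate sequence written as a stand-alone script, as an added example that is not the action's own code. It talks to Dependency-Track's REST API (`PUT /api/v1/bom`, `GET /api/v1/bom/token/{token}`, `GET /api/v1/project/lookup`, `GET /api/v1/finding/project/{uuid}`, authenticated with the `X-Api-Key` header); how the action itself implements these steps is not shown on this page, so treat the endpoint choice as an assumption. `evaluate_findings()` reproduces the `failOnSeverityLevel` semantics described above (a threshold of `MEDIUM` fails on MEDIUM, HIGH and CRITICAL), and the sample findings are constructed placeholders, not real advisories.

```python
"""Upload a BOM to Dependency-Track, wait for analysis, and gate on severity.

Added example, not the action's code. Endpoints are Dependency-Track's REST API;
the gate logic mirrors the failOnSeverityLevel input described in the README.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]  # ascending


def build_upload_payload(bom_bytes, project_name, project_version, autocreate=False):
    """Body for PUT /api/v1/bom: the BOM travels base64-encoded inside JSON."""
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": bool(autocreate),
        "bom": base64.b64encode(bom_bytes).decode("ascii"),
    }


def evaluate_findings(findings, fail_on=None):
    """Return (should_fail, counts) for a list from GET /api/v1/finding/project/{uuid}.

    A finding without vulnerability.severity is counted as UNASSIGNED and never
    trips the gate; fail_on=None means report only, like omitting the input.
    """
    counts = {sev: 0 for sev in SEVERITY_ORDER + ["UNASSIGNED"]}
    for finding in findings:
        severity = (finding.get("vulnerability", {}).get("severity") or "UNASSIGNED").upper()
        counts[severity] = counts.get(severity, 0) + 1
    if fail_on is None:
        return False, counts
    fail_on = fail_on.upper()
    if fail_on not in SEVERITY_ORDER:
        raise ValueError(f"failOnSeverityLevel must be one of {SEVERITY_ORDER}, got {fail_on!r}")
    at_or_above = SEVERITY_ORDER[SEVERITY_ORDER.index(fail_on):]
    return any(counts[sev] > 0 for sev in at_or_above), counts


def _api(base_url, api_key, method, path, body=None):
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url.rstrip("/") + path, data=data, method=method)
    req.add_header("X-Api-Key", api_key)  # Dependency-Track API authentication header
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def upload_and_gate(base_url, api_key, bom_path, project_name, project_version,
                    timeout_secs, fail_on=None, autocreate=False):
    """Upload, poll until analysis completes (or timeout_secs elapse), then gate."""
    with open(bom_path, "rb") as fh:
        payload = build_upload_payload(fh.read(), project_name, project_version, autocreate)
    token = _api(base_url, api_key, "PUT", "/api/v1/bom", payload)["token"]
    deadline = time.monotonic() + timeout_secs
    # The token endpoint answers {"processing": true} until the analysis has finished.
    while _api(base_url, api_key, "GET", f"/api/v1/bom/token/{token}")["processing"]:
        if time.monotonic() >= deadline:
            raise TimeoutError(f"analysis still running after {timeout_secs}s")
        time.sleep(1)
    query = urllib.parse.urlencode({"name": project_name, "version": project_version})
    project = _api(base_url, api_key, "GET", f"/api/v1/project/lookup?{query}")
    findings = _api(base_url, api_key, "GET", f"/api/v1/finding/project/{project['uuid']}")
    return evaluate_findings(findings, fail_on)


# Constructed sample in the shape of the finding API response; placeholder
# component names and vulnerability IDs, not real advisories.
SAMPLE_FINDINGS = [
    {"component": {"name": "lib-a", "version": "1.0.0"},
     "vulnerability": {"vulnId": "EXAMPLE-0001", "severity": "HIGH"}},
    {"component": {"name": "lib-b", "version": "2.3.1"},
     "vulnerability": {"vulnId": "EXAMPLE-0002", "severity": "MEDIUM"}},
    {"component": {"name": "lib-c", "version": "0.9.0"},
     "vulnerability": {"vulnId": "EXAMPLE-0003", "severity": "LOW"}},
    {"component": {"name": "lib-d", "version": "4.0.0"},
     "vulnerability": {"vulnId": "EXAMPLE-0004"}},  # no severity -> UNASSIGNED
]

if __name__ == "__main__":
    for threshold in (None, "CRITICAL", "MEDIUM"):
        should_fail, counts = evaluate_findings(SAMPLE_FINDINGS, threshold)
        print(f"failOnSeverityLevel={threshold}: fail={should_fail} counts={counts}")
```

Running the script offline exercises only the gate on the constructed findings; with `MEDIUM` it fails (one HIGH and one MEDIUM finding), with `CRITICAL` or no threshold it passes. Note that the timeout is a ceiling on waiting, not a guarantee: if the server is still processing when it expires, the script raises rather than gating on an incomplete result, which is the safer failure mode for a CI check.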