Skip to content

debricked/actions

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits

.github/workflows

.github/workflows

 
 

cache

cache

 
 

callgraph-non-docker

callgraph-non-docker

 
 

callgraph

callgraph

 
 

docker-callgraph

docker-callgraph

 
 

docker-fingerprint

docker-fingerprint

 
 

docker-resolve

docker-resolve

 
 

docker-scan

docker-scan

 
 

fingerprint-non-docker

fingerprint-non-docker

 
 

fingerprint

fingerprint

 
 

non-docker

non-docker

 
 

resolve-non-docker

resolve-non-docker

 
 

resolve

resolve

 
 

scan-non-docker

scan-non-docker

 
 

test-files

test-files

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

Repository files navigation

GitHub Actions for Debricked

This repository contains the source code for our GitHub Actions.

Remember that we also provide a GitHub integration as a GitHub App, which is used to create automatic Pull Requests with root fixes.

You can always find documentation for our different ways of integrating with Debricked at our Debricked documentation.

Usage

Scan

You can use the action debricked/actions@v3 to scan your repository. The action needs one environmental variable: DEBRICKED_TOKEN, to be set to your Debricked API token. You should store it in a secret variable under Settings - Secrets in your repository, so it doesn't leak through the logs!

This is an example workflow file which uses our Docker image:

name: Vulnerability scan

on: [push]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: debricked/actions@v3
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

But it is also possible to run it standalone, making it possible for you to customise the runtime environment:

name: Vulnerability scan

on: [push]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: debricked/actions/cache@v3
      - uses: debricked/actions/scan-non-docker@v3
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

When scanning, the High Performance resolution is enabled by default but can be disabled using the --no-resolve flag

scan command also supports a number of different flags which will help you to adjust scan behavior to your needs. You can find out more about them on Debricked Portal

Resolve

This command analyses your project to find eligible manifest files, that do not have related lock files, and uses them to generate the appropriate Debricked lock files.

Example workflow using our Docker image:

name: Debricked resolve

on: [push]

jobs:
  resolve:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: debricked/actions/resolve@v3
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

Example workflow without Docker:

name: Debricked resolve

on: [push]

jobs:
  resolve:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: debricked/actions/cache@v3
      - uses: debricked/actions/resolve-non-docker@v3
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

You can read more about resolve command on High Performance Scan: faster, more accurate, and more secure dependency scanning page

And you can find out more about flags supported by resolve command on Debricked Portal

About

Github Actions for integrating with Debricked

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

12 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases 10

Add Fingerprint action Latest
May 27, 2024
+ 9 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •