DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.71k stars 579 forks

Add GitHub (and GHE) integration point #908

Open stevespringett opened 3 years ago

stevespringett commented 3 years ago

GitHub.com and GHE should be supported as an integration point where findings can be delivered. In the case of GitHub, the findings format will need to be SARIF.

This will operate similarly to the existing support for Kenna Security and Fortify SSC.
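
One way the findings-to-SARIF mapping described above could look, as an added example that is not Dependency-Track's code and not part of the original comment. The finding field names (`component`, `vulnerability.vulnId`, `analysis.isSuppressed`), the severity-to-level mapping, the `manifest_uri` parameter and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample findings; field names are assumed, not taken from the issue.
SAMPLE_FINDINGS = [
    {"component": {"name": "lib-a", "version": "1.0.0", "purl": "pkg:maven/org.example/lib-a@1.0.0"},
     "vulnerability": {"vulnId": "EXAMPLE-VULN-1", "source": "NVD", "severity": "HIGH",
                       "description": "Constructed placeholder description."},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "lib-b", "version": "2.1.0"},
     "vulnerability": {"vulnId": "EXAMPLE-VULN-1", "source": "NVD", "severity": "HIGH"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "lib-c", "version": "0.3.0"},
     "vulnerability": {"vulnId": "EXAMPLE-VULN-2", "source": "NVD", "severity": "LOW"},
     "analysis": {"isSuppressed": True}},
]

# SARIF result levels are "error", "warning", "note" or "none"; this mapping is an assumption.
LEVELS = {"CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning", "LOW": "note", "INFO": "note"}

def findings_to_sarif(findings, manifest_uri="pom.xml"):
    """Build a SARIF 2.1.0 log with one rule per vulnerability and one result per finding."""
    rules, results = {}, []
    for finding in findings:
        if finding.get("analysis", {}).get("isSuppressed"):
            continue  # suppressed findings are already triaged; do not raise alerts for them
        vuln, comp = finding["vulnerability"], finding["component"]
        rule_id = vuln["vulnId"]
        level = LEVELS.get(str(vuln.get("severity", "")).upper(), "warning")
        rules.setdefault(rule_id, {
            "id": rule_id,
            "shortDescription": {"text": f"{vuln.get('source', 'UNKNOWN')} {rule_id}"},
            "fullDescription": {"text": vuln.get("description") or rule_id},
            "defaultConfiguration": {"level": level},
        })
        coordinate = comp.get("purl") or f"{comp['name']}@{comp.get('version', '')}"
        results.append({
            "ruleId": rule_id,
            "level": level,
            "message": {"text": f"{rule_id} affects {coordinate}"},
            # A component has no source line, so point at the manifest that declares it.
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": manifest_uri}}}],
            # Stable key a consumer can use to match the same finding across uploads.
            "partialFingerprints": {"componentVulnerability/v1": f"{coordinate}|{rule_id}"},
        })
    driver = {"name": "Dependency-Track", "rules": list(rules.values())}
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "results": results}]}

if __name__ == "__main__":
    print(json.dumps(findings_to_sarif(SAMPLE_FINDINGS), indent=2))
```
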

stevespringett commented 3 years ago

This enhancement requires #909 be implemented first.