ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0
790 stars 110 forks

GHE support #344

Closed rofafor closed 2 years ago

rofafor commented 2 years ago

This action seems to be hardcoded against public GitHub and therefore working sub-optimally with GitHub Enterprise instances. These changes should enable GHE support.

Now, this action uses depscan, which is lacking GHE support as well. Take a look at https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/config.py#L12

# GitHub advisory feed url
- gha_url = "https://api.github.com/graphql"
+ gha_url = os.getenv("GITHUB_GRAPHQL_URL", "https://api.github.com/graphql")
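Review bot: the `+` line calls `os.getenv`, but only the changed line is shown, so confirm `config.py` already has `import os` at the top before depending on it. Keeping `https://api.github.com/graphql` as the fallback preserves current behaviour when the variable is unset, which is the right default; since the Actions runner sets `GITHUB_GRAPHQL_URL` automatically, a GHE runner will silently redirect advisory fetches to the enterprise host, so the vulnerability-db side should fail loudly (or fall back) on a non-success or empty response rather than report zero advisories.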
prabhu commented 2 years ago

@rofafor Thank you for the PR! Regarding advisories, any ideas if public vulnerabilities can be retrieved via github enterprise urls? I don't have a way of testing this yet so would rely on you for a PR for vulnerability-db.
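As an added illustration of the endpoint-resolution approach discussed in this thread (not code from sast-scan or vulnerability-db): the URLs are taken from the Actions runner environment with a fallback to public GitHub, and only https endpoints without embedded credentials are accepted. The variable names are the documented Actions defaults; the `/api/v3` and `/api/graphql` derivation from `GITHUB_SERVER_URL` and the host `ghe.example.com` are assumptions.

```python
"""Resolve GitHub API endpoints from the GitHub Actions environment.

Added illustration, not sast-scan or vulnerability-db code. Assumes the
documented Actions variables GITHUB_SERVER_URL, GITHUB_API_URL and
GITHUB_GRAPHQL_URL; deriving /api/v3 and /api/graphql from the server URL
for a GitHub Enterprise Server host is an assumption about GHES layout.
"""
import os
from urllib.parse import urlsplit

PUBLIC = {
    "server": "https://github.com",
    "api": "https://api.github.com",
    "graphql": "https://api.github.com/graphql",
}


def _check(url: str) -> str:
    """Reject anything that is not a plain https URL without credentials."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname or parts.username:
        raise ValueError(f"refusing non-https or credentialed endpoint: {url!r}")
    return url.rstrip("/")


def resolve_github_endpoints(env=None) -> dict:
    """Return server/api/graphql URLs for the current runner.

    Precedence: explicit GITHUB_API_URL / GITHUB_GRAPHQL_URL, then values
    derived from GITHUB_SERVER_URL (GHES layout), then public GitHub.
    """
    env = os.environ if env is None else env
    server = _check(env.get("GITHUB_SERVER_URL") or PUBLIC["server"])
    if server == PUBLIC["server"]:
        api_default, gql_default = PUBLIC["api"], PUBLIC["graphql"]
    else:
        api_default, gql_default = f"{server}/api/v3", f"{server}/api/graphql"
    return {
        "server": server,
        "api": _check(env.get("GITHUB_API_URL") or api_default),
        "graphql": _check(env.get("GITHUB_GRAPHQL_URL") or gql_default),
    }


if __name__ == "__main__":
    # Constructed sample environment standing in for a GHES runner.
    print(resolve_github_endpoints({"GITHUB_SERVER_URL": "https://ghe.example.com"}))
```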