atomist/owasp-dependency-check
Scan projects using OWASP Dependency Check.
By default, the skill detects pushes to repositories containing scannable projects, scans the project dependencies, and creates a GitHub CheckRun with the scan results.
This creates consistent checks across all scannable repos.
Transact evidence, identified by package URL (purl) or CPE, that a project depends on a given open source library. We also track the current mapping of CPEs and package URLs to known vulnerabilities; because that mapping changes over time, the vulnerability risk assessment for a project changes over time as well.
We also transact a discovery event when we have finished scanning a project in a repo.
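As an added illustration (not part of this skill's own code), the following Python example shows the two steps the description above outlines: pulling the purl/CPE evidence and the vulnerability findings out of a Dependency Check JSON report, and turning that into a CheckRun-style conclusion. The report is a constructed sample shaped like Dependency Check's JSON output (`dependencies[].packages[].id`, `dependencies[].vulnerabilityIds[].id`, `dependencies[].vulnerabilities[].name` and `.severity`); the identifiers and CVE names in it are placeholders, and the `fail_at` threshold and the output dictionary layout are assumptions of this example, not the skill's configuration.

```python
import json
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample shaped like a Dependency Check JSON report.
# Package ids, CPEs and CVE names are placeholders, not real scan findings.
SAMPLE_REPORT_JSON = """
{
  "dependencies": [
    {
      "fileName": "example-lib-1.0.0.jar",
      "packages": [{"id": "pkg:maven/org.example/example-lib@1.0.0", "confidence": "HIGH"}],
      "vulnerabilityIds": [{"id": "cpe:2.3:a:example:example-lib:1.0.0:*:*:*:*:*:*:*", "confidence": "HIGHEST"}],
      "vulnerabilities": [
        {"name": "CVE-EXAMPLE-0001", "severity": "HIGH"},
        {"name": "CVE-EXAMPLE-0002", "severity": "LOW"}
      ]
    },
    {
      "fileName": "clean-lib-2.3.1.jar",
      "packages": [{"id": "pkg:maven/org.example/clean-lib@2.3.1", "confidence": "HIGH"}],
      "vulnerabilityIds": [],
      "vulnerabilities": []
    }
  ]
}
"""

# Severity ordering used for the pass/fail threshold (assumed for this example).
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass
class Evidence:
    """One scanned artifact: what it is (purls/CPEs) and what is known against it."""
    file_name: str
    purls: List[str]
    cpes: List[str]
    vulnerabilities: Dict[str, str]  # vulnerability name -> severity string


def parse_report(text: str) -> dict:
    """Parse the raw JSON text of a Dependency Check report."""
    return json.loads(text)


def extract_evidence(report: dict) -> List[Evidence]:
    """Collect the purl/CPE identity of each dependency plus its reported vulnerabilities.

    Identity evidence (purls, CPEs) is kept separately from the vulnerability mapping,
    because the identity is stable while the CPE/purl -> vulnerability mapping changes
    as new advisories are published.
    """
    evidence = []
    for dep in report.get("dependencies", []):
        purls = [p["id"] for p in dep.get("packages", []) if p.get("id", "").startswith("pkg:")]
        cpes = [v["id"] for v in dep.get("vulnerabilityIds", []) if v.get("id", "").startswith("cpe:")]
        vulns = {v["name"]: v.get("severity", "UNKNOWN") for v in dep.get("vulnerabilities", [])}
        evidence.append(Evidence(dep.get("fileName", "<unknown>"), purls, cpes, vulns))
    return evidence


def check_conclusion(evidence: List[Evidence], fail_at: str = "HIGH") -> str:
    """Return 'failure' if any finding is at or above the threshold, else 'success'."""
    threshold = SEVERITY_RANK[fail_at.upper()]
    for item in evidence:
        for severity in item.vulnerabilities.values():
            # Unknown severity strings rank as 0 and never fail the check by themselves.
            if SEVERITY_RANK.get(severity.upper(), 0) >= threshold:
                return "failure"
    return "success"


def build_check_output(evidence: List[Evidence], fail_at: str = "HIGH") -> dict:
    """Assemble a CheckRun-style payload (layout assumed): conclusion, title and summary."""
    findings = sum(len(item.vulnerabilities) for item in evidence)
    lines = []
    for item in evidence:
        ids = ", ".join(item.purls + item.cpes) or "no identifiers"
        vulns = ", ".join(f"{n} ({s})" for n, s in sorted(item.vulnerabilities.items())) or "none"
        lines.append(f"- {item.file_name}: {ids}; vulnerabilities: {vulns}")
    return {
        "conclusion": check_conclusion(evidence, fail_at),
        "title": f"OWASP Dependency Check: {findings} finding(s) across {len(evidence)} dependencies",
        "summary": "\n".join(lines),
    }


if __name__ == "__main__":
    ev = extract_evidence(parse_report(SAMPLE_REPORT_JSON))
    print(json.dumps(build_check_output(ev), indent=2))
```

Running the module prints the assembled CheckRun payload for the sample report; in the sample, the HIGH finding on `example-lib` makes the conclusion `failure`, while raising `fail_at` to `CRITICAL` would let it pass.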
Created by Atomist. Need Help? Join our Slack workspace.