{"id":36750390,"url":"https://github.com/octodemo/ghas-policy-as-code","last_synced_at":"2026-01-12T12:43:33.796Z","repository":{"id":40271444,"uuid":"389740787","full_name":"octodemo/ghas-policy-as-code","owner":"octodemo","description":null,"archived":false,"fork":false,"pushed_at":"2025-05-16T19:21:50.000Z","size":28950,"stargazers_count":1,"open_issues_count":24,"forks_count":7,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-16T20:29:10.808Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/octodemo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-07-26T19:04:51.000Z","updated_at":"2021-12-13T20:31:44.000Z","dependencies_parsed_at":"2025-05-16T20:34:57.225Z","dependency_job_id":null,"html_url":"https://github.com/octodemo/ghas-policy-as-code","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/octodemo/ghas-policy-as-code","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octodemo%2Fghas-policy-as-code","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octodemo%2Fghas-policy-as-code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octodemo%2Fghas-policy-as-code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octodemo%2Fghas-policy-as-code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/owners/octodemo","download_url":"https://codeload.github.com/octodemo/ghas-policy-as-code/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octodemo%2Fghas-policy-as-code/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338983,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-12T12:43:32.955Z","updated_at":"2026-01-12T12:43:33.769Z","avatar_url":"https://github.com/octodemo.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Demo GHAS \n\nCode Scanning Alerts \u0026 Dependency Alerts on non-default Branches\n\n#### WebGoat 8: A deliberately insecure Web Application\n\nThis is a copy of WebGoat, a deliberately insecure web application maintained by [OWASP](http://www.owasp.org/) designed to teach web\napplication security lessons.\n\n#### :rotating_light: Do not use it to demo features not related to GHAS Code Scanning and Vulnerability alerts on non-default branches\n\nThis program is a demonstration of common server-side application flaws. 
The\nexercises are intended to be used by people to learn about application security and\npenetration testing techniques.\n\n**WARNING 1:** *While running this program your machine will be extremely\nvulnerable to attack. You should disconnect from the Internet while using\nthis program.*  WebGoat's default configuration binds to localhost to minimize\nthe exposure.\n\n**WARNING 2:** *This program is for educational purposes only. If you attempt\nthese techniques without authorization, you are very likely to get caught. If\nyou are caught engaging in unauthorized hacking, most companies will fire you.\nClaiming that you were doing security research will not work as that is the\nfirst thing that all hackers claim.*\n\n## How to use it\nIn order to install and run it, check out the [original demo](https://github.com/octodemo/WebGoat) created by @bas\n\n#### `codeql.yml`\nWorkflow with the CodeQL analysis. Runs at 0:00 UTC on Sunday.\n\nYou can check the results of its runs on the [Security Tab](https://github.com/octodemo/demo-vulnerabilities-ghas/security/code-scanning).\n\n#### `dependencies.yml`\nWorkflow that checks every new PR that changes dependency files. If the PR introduces dependencies with known vulnerabilities, the workflow fails. PRs that don't change dependencies are not checked.\n\nUses [this Action](https://github.com/marketplace/actions/scan-a-pr-for-vulnerable-dependencies) to perform the analysis on non-default branches. The Action uses GitHub's [SecurityVulnerability API](https://developer.github.com/v4/object/securityvulnerability/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctodemo%2Fghas-policy-as-code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foctodemo%2Fghas-policy-as-code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctodemo%2Fghas-policy-as-code/lists"}