{"id":18830555,"url":"https://github.com/zupit/owldency","last_synced_at":"2025-04-14T04:31:42.814Z","repository":{"id":52850512,"uuid":"358358750","full_name":"ZupIT/owldency","owner":"ZupIT","description":"Action that checks if your application uses dependencies with known vulnerabilities.","archived":false,"fork":false,"pushed_at":"2021-04-20T14:45:47.000Z","size":122,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-04-10T05:12:30.694Z","etag":null,"topics":["dependency-analysis","github-action","gradle","java","javascript","maven","npm"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ZupIT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-15T18:40:16.000Z","updated_at":"2023-04-10T05:12:30.695Z","dependencies_parsed_at":"2022-08-23T08:21:48.424Z","dependency_job_id":null,"html_url":"https://github.com/ZupIT/owldency","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZupIT%2Fowldency","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZupIT%2Fowldency/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZupIT%2Fowldency/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZupIT%2Fowldency/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ZupIT","download_url":"https://codeload.github.com/ZupIT/owldency/tar.gz/refs/heads/master","host"
:{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223619755,"owners_count":17174416,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependency-analysis","github-action","gradle","java","javascript","maven","npm"],"created_at":"2024-11-08T01:49:24.513Z","updated_at":"2024-11-08T01:49:25.188Z","avatar_url":"https://github.com/ZupIT.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/ZupIT/owldency\"\u003e\n  \u003cimg src=\"./images/owl.png\" width=\"250\" /\u003e\n\u003c/a\u003e\n\n\u003ch1 align=\"center\"\u003eOwldency - Vulnerable Dependencies Hunter\u003c/h1\u003e\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nOwldency is a GitHub action that checks if your application uses dependencies with known vulnerabilities. Currently it supports applications that use [Maven](https://maven.apache.org/), [Gradle](https://gradle.org/), and [npm](https://www.npmjs.com/) as the package manager. Under the hood, it uses [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) and [npm audit](https://docs.npmjs.com/cli/v7/commands/npm-audit) to check the dependencies.\n\nWhen the analysis finishes, Owldency generates an artifact that has an HTML file containing the results. 
For applications that use Maven or Gradle, the HTML file will be generated by [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/), and for applications that use npm, it will be generated by the [npm-audit-html](https://www.npmjs.com/package/npm-audit-html) plugin.\n\n---\n\n\u003ch2\u003e\n    \u003cimg src=\"./images/usage.svg\" alt=\"Usage icon\" width=\"25px\"/\u003e Usage\n\u003c/h2\u003e\n\nThe simplest way to add Owldency to your workflow is to add it as a step of your current workflow.\n\n```yaml\n- name: Owldency\n  uses: ZupIT/owldency@v1\n```\n\n\u003ch3\u003e\n    \u003cimg src=\"./images/pre-requisites.svg\" alt=\"Pre-requisites icon\" width=\"25px\"/\u003e Pre-requisites\n\u003c/h3\u003e\n\nIf you are using [Maven](https://maven.apache.org/) or [Gradle](https://gradle.org/) as your package manager, you must add the [OWASP dependency-check plugin](https://jeremylong.github.io/DependencyCheck/modules.html) to your dependency manager file because the results will be much more accurate. 
If you're using [npm](https://www.npmjs.com/), you can skip this section.\n\n#### Maven Plugin Example - `pom.xml`\n\n```xml\n\u003cplugin\u003e\n    \u003cgroupId\u003eorg.owasp\u003c/groupId\u003e\n    \u003cartifactId\u003edependency-check-maven\u003c/artifactId\u003e\n    \u003cversion\u003e6.1.2\u003c/version\u003e\n    \u003cconfiguration\u003e\n      \u003cformats\u003e\n        \u003cformat\u003eHTML\u003c/format\u003e\n        \u003cformat\u003eJSON\u003c/format\u003e\n      \u003c/formats\u003e\n    \u003c/configuration\u003e\n    \u003cexecutions\u003e\n      \u003cexecution\u003e\n        \u003cgoals\u003e\n          \u003cgoal\u003echeck\u003c/goal\u003e\n        \u003c/goals\u003e\n      \u003c/execution\u003e\n    \u003c/executions\u003e\n\u003c/plugin\u003e\n```\n\n#### Gradle Plugin Example - `build.gradle`\n\n```gradle\nplugins {\n  id 'org.owasp.dependencycheck' version '6.1.2'\n}\n\ndependencyCheck {\n  formats = ['HTML', 'JSON']\n}\n```\n\nTake care with your `.gitignore` file: this action needs the `gradlew` file to execute the dependency-check plugin. If your `.gitignore` file is ignoring `gradle-wrapper.jar` and `gradle-wrapper.properties`, this action will not run as expected.\n\n---\n\n\u003ch2\u003e\n    \u003cimg src=\"./images/github-actions-logo.svg\" alt=\"GitHub Actions icon\" width=\"25px\"/\u003e Workflow Example\n\u003c/h2\u003e\n\n```yaml\nname: Owldency\n\non: push\n\njobs:\n  owldency:\n    runs-on: ubuntu-latest\n\n    steps:\n    - name: Checkout\n      uses: actions/checkout@v2\n\n    - name: Owldency\n      uses: ZupIT/owldency@v1\n```\n\n---\n\n\u003ch2\u003e\n    \u003cimg src=\"./images/licenses.svg\" alt=\"Licenses icon\" width=\"25px\"/\u003e Licenses\n\u003c/h2\u003e\n\n[Owldency](https://github.com/ZupIT/owldency) project icons made by [Freepik](https://www.flaticon.com/authors/freepik), [Roundicons](https://www.flaticon.com/authors/roundicons), [Icongeek26](https://www.flaticon.com/authors/icongeek26) and [Darius 
Dan](https://www.flaticon.com/authors/darius-dan) from [Flaticon](https://www.flaticon.com/). The source code is licensed under [Apache-2.0](https://opensource.org/licenses/Apache-2.0).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzupit%2Fowldency","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzupit%2Fowldency","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzupit%2Fowldency/lists"}