https://github.com/advanced-security/dependabot-kev-action
Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow.
- Host: GitHub
- URL: https://github.com/advanced-security/dependabot-kev-action
- Owner: advanced-security
- License: mit
- Created: 2023-06-19T15:04:22.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-03T03:23:03.000Z (7 months ago)
- Last Synced: 2024-04-14T11:43:01.483Z (6 months ago)
- Language: PowerShell
- Homepage:
- Size: 23.4 KB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md
README
Action to detect whether any open Dependabot alert CVEs appear in the [CISA Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) and, if so, fail the workflow.
![image](https://user-images.githubusercontent.com/1760475/208767910-dc8e1192-d41e-489c-bf71-ea4df20025bf.png)
```yml
name: 'Dependabot KEV Action'
on: [push]

jobs:
  dependabot-kev-action:
    name: 'CISA KEV Compliance Check'
    runs-on: ubuntu-latest
    steps:
      - name: 'KEV Policy'
        uses: advanced-security/dependabot-kev-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.DEPENDABOT_KEV_GITHUB_TOKEN }}
```

## Required Credentials
* [GITHUB_TOKEN](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)
* Classic tokens
  * `repo` scope or `security_events` scope. For public repositories, you may instead use the `public_repo` scope.
* Fine-grained personal access token permissions
  * Read-only - [Dependabot alerts](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28#vulnerability-alerts)
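The check this action performs, as an added example written in Python for this page (it is not the action's own PowerShell code): take a repository's open Dependabot alerts, take the CISA KEV catalog, intersect the CVE IDs, and fail when the intersection is non-empty. The KEV JSON feed URL, the Dependabot alerts REST endpoint, and the field names (`cveID`, `security_advisory.cve_id`, `state`) are assumptions about the two data sources; the sample alerts and catalog embedded below are constructed so the check runs offline.

```python
"""Added example (not the dependabot-kev-action project's own code).

Intersects the CVE IDs of open Dependabot alerts with the CISA KEV catalog.
A CI step can turn a non-empty result into a failing exit status.
"""
import json
import os
import sys
import urllib.request
from typing import Dict, List, Optional, Set

# Assumed locations (not taken from the README above):
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
GITHUB_API = "https://api.github.com"


def kev_cve_ids(catalog: dict) -> Set[str]:
    """CVE IDs in a KEV catalog document.

    Assumed layout: a "vulnerabilities" list whose entries carry "cveID".
    """
    return {v["cveID"].upper() for v in catalog.get("vulnerabilities", []) if v.get("cveID")}


def alert_cve_ids(alerts: List[dict]) -> Dict[str, List[int]]:
    """Map CVE ID -> Dependabot alert numbers, keeping only open alerts.

    Dismissed or fixed alerts (state != "open") are ignored, as are
    advisories that have no CVE (GHSA-only) and so cannot be in KEV.
    """
    by_cve: Dict[str, List[int]] = {}
    for alert in alerts:
        if alert.get("state") != "open":
            continue
        cve = (alert.get("security_advisory") or {}).get("cve_id")
        if not cve:
            continue
        by_cve.setdefault(cve.upper(), []).append(alert["number"])
    return by_cve


def kev_matches(alerts: List[dict], catalog: dict) -> Dict[str, List[int]]:
    """{cve_id: [alert numbers]} for open alerts whose CVE is in KEV."""
    kev = kev_cve_ids(catalog)
    return {cve: nums for cve, nums in alert_cve_ids(alerts).items() if cve in kev}


def fetch_json(url: str, token: Optional[str] = None) -> object:
    """GET a JSON document; the bearer token is only sent when given."""
    headers = {}
    if token:
        headers["Accept"] = "application/vnd.github+json"
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_open_alerts(repo: str, token: str) -> List[dict]:
    """Page through open Dependabot alerts for "owner/name" (live network call)."""
    alerts: List[dict] = []
    page = 1
    while True:
        url = f"{GITHUB_API}/repos/{repo}/dependabot/alerts?state=open&per_page=100&page={page}"
        batch = fetch_json(url, token)
        if not batch:
            return alerts
        alerts.extend(batch)
        page += 1


# Constructed sample data so the check can be exercised without network access.
SAMPLE_CATALOG = {
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vulnerabilityName": "Apache Log4j2 RCE"},
        {"cveID": "CVE-2017-5638", "vulnerabilityName": "Apache Struts RCE"},
    ]
}
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "security_advisory": {"cve_id": "CVE-2021-44228"}},
    {"number": 2, "state": "open", "security_advisory": {"cve_id": "CVE-2020-0001"}},
    {"number": 3, "state": "dismissed", "security_advisory": {"cve_id": "CVE-2017-5638"}},
    {"number": 4, "state": "open", "security_advisory": {"cve_id": None}},
]


def main() -> int:
    repo, token = os.environ.get("GITHUB_REPOSITORY"), os.environ.get("GITHUB_TOKEN")
    if repo and token:
        alerts, catalog = fetch_open_alerts(repo, token), fetch_json(KEV_FEED_URL)
    else:
        alerts, catalog = SAMPLE_ALERTS, SAMPLE_CATALOG
    hits = kev_matches(alerts, catalog)
    for cve, nums in sorted(hits.items()):
        # "::error::" is the Actions workflow command that annotates the run.
        print(f"::error::{cve} is in the CISA KEV catalog (Dependabot alerts {nums})")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

On the constructed sample only alert 1 is reported: alert 3 references a KEV CVE but is dismissed, alert 2 is open but not in KEV, and alert 4 has no CVE at all. When run inside a workflow with `GITHUB_REPOSITORY` and `GITHUB_TOKEN` set, the same logic runs against live data. Because the workflow runs on every push, the token it reads should be the least-privileged option the README lists: a fine-grained token with read-only Dependabot alerts access, stored as a repository secret.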