Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zupit/owldency

Action that checks if your application uses dependencies with known vulnerabilities.
https://github.com/zupit/owldency

dependency-analysis github-action gradle java javascript maven npm

Last synced: about 2 months ago
JSON representation

Action that checks if your application uses dependencies with known vulnerabilities.

Awesome Lists containing this project

README

        




Owldency - Vulnerable Dependencies Hunter

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

Owldency is a GitHub action that checks if your application uses dependencies with known vulnerabilities. Actually it supports applications that use [Maven](https://maven.apache.org/), [Gradle](https://gradle.org/), and [npm](https://www.npmjs.com/) as the package manager. Under the hood, it uses [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) and [npm audit](https://docs.npmjs.com/cli/v7/commands/npm-audit) to check the dependencies.

Finishing the analysis, Owldency will generate an artifact that has a HTML file containing the results. For applications that use Maven or Gradle, the HTML file will be generated by [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/), and for applications that use npm, it will be generated by [npm-audit-html](https://www.npmjs.com/package/npm-audit-html) plugin.

---


Usage icon Usage

The simplest way to add Owldency in your workflow is just adding it as a step of your current workflow.

```yaml
- name: Owldency
uses: ZupIT/owldency@v1
```


Pre-requisites icon Pre-requisites

If you are using [Maven](https://maven.apache.org/) or [Gradle](https://gradle.org/) as your package manager, you must add the [OWASP dependency-check plugin](https://jeremylong.github.io/DependencyCheck/modules.html) in your dependency manager file because the results will be much more accurate. If you're using [npm](https://www.npmjs.com/), you can skip this section.

#### Maven Plugin Example - `pom.xml`

```xml

org.owasp
dependency-check-maven
6.1.2


HTML
JSON





check


```

#### Gradle Plugin Example - `build.gradle`

```gradle
plugins {
id 'org.owasp.dependencycheck' version '6.1.2'
}

dependencyCheck {
formats = ['HTML', 'JSON']
}
```

Take care with your `.gitignore` file, because this action needs `gradlew` file to execute dependency-check plugin, if your `.gitignore` file is ignoring `gradle-wrapper.jar` and `gradle-wrapper.properties`, this action will not run as expected.

---


GitHub Actions icon Workflow Example

```yaml
name: Owldency

on: push

jobs:
owldency:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v2

- name: Owldency
uses: ZupIT/owldency@v1
```

---


Licenses icon Licenses

[Owldency](https://github.com/ZupIT/owldency) project icons made by [Freepik](https://www.flaticon.com/authors/freepik), [Roundicons](https://www.flaticon.com/authors/roundicons), [Icongeek26](https://www.flaticon.com/authors/icongeek26) and [Darius Dan](https://www.flaticon.com/authors/darius-dan) from [Flaticon](https://www.flaticon.com/). The source code is licensed under [Apache-2.0](https://opensource.org/licenses/Apache-2.0).