Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zupit/owldency
Action that checks if your application uses dependencies with known vulnerabilities.
dependency-analysis github-action gradle java javascript maven npm
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/zupit/owldency
- Owner: ZupIT
- License: apache-2.0
- Created: 2021-04-15T18:40:16.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-04-20T14:45:47.000Z (almost 4 years ago)
- Last Synced: 2023-04-10T05:12:30.694Z (almost 2 years ago)
- Topics: dependency-analysis, github-action, gradle, java, javascript, maven, npm
- Language: JavaScript
- Homepage:
- Size: 119 KB
- Stars: 6
- Watchers: 5
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Owldency - Vulnerable Dependencies Hunter
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
Owldency is a GitHub action that checks whether your application uses dependencies with known vulnerabilities. Currently it supports applications that use [Maven](https://maven.apache.org/), [Gradle](https://gradle.org/), or [npm](https://www.npmjs.com/) as the package manager. Under the hood, it uses [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) and [npm audit](https://docs.npmjs.com/cli/v7/commands/npm-audit) to check the dependencies.

When the analysis finishes, Owldency generates an artifact containing an HTML file with the results. For applications that use Maven or Gradle, the HTML file is generated by [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/); for applications that use npm, it is generated by the [npm-audit-html](https://www.npmjs.com/package/npm-audit-html) plugin.
---
### Usage

The simplest way to add Owldency to your workflow is to add it as a step of your current workflow.

```yaml
- name: Owldency
  uses: ZupIT/owldency@v1
```
### Pre-requisites

If you are using [Maven](https://maven.apache.org/) or [Gradle](https://gradle.org/) as your package manager, you must add the [OWASP dependency-check plugin](https://jeremylong.github.io/DependencyCheck/modules.html) to your build file; with the plugin in place the results are much more accurate. If you're using [npm](https://www.npmjs.com/), you can skip this section.
#### Maven Plugin Example - `pom.xml`

```xml
<!-- Declared inside <build><plugins> ... </plugins></build> -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>6.1.2</version>
  <configuration>
    <!-- HTML for the report artifact, JSON for machine-readable results -->
    <formats>
      <format>HTML</format>
      <format>JSON</format>
    </formats>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```
#### Gradle Plugin Example - `build.gradle`

```gradle
plugins {
    id 'org.owasp.dependencycheck' version '6.1.2'
}

dependencyCheck {
    // HTML for the report artifact, JSON for machine-readable results
    formats = ['HTML', 'JSON']
}
```

Take care with your `.gitignore` file: this action needs the `gradlew` wrapper to execute the dependency-check plugin, so if your `.gitignore` excludes `gradle-wrapper.jar` or `gradle-wrapper.properties`, the action will not run as expected.
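Both plugin configurations above request a JSON report alongside the HTML one, and `npm audit` can emit JSON too. The following is an added example, not part of Owldency or of the OWASP project, showing how a build step could read those machine-readable outputs, merge the findings of the two tools into one list, and decide whether the build should fail above a severity threshold. The report fragments are constructed for illustration and the `CVE-EXAMPLE-*` identifiers are placeholders, not real CVEs; the field names (`dependencies[].vulnerabilities[].severity`, `cvssv3.baseScore`, `cvssv2.score` for Dependency-Check; `vulnerabilities.<pkg>.severity` for `npm audit --json` with `auditReportVersion` 2) follow the tools' report layouts as the author of this example knows them and should be checked against the version you run.

```javascript
// Added example (not Owldency's code): combine OWASP Dependency-Check and
// `npm audit --json` results and gate a build on severity.

// Constructed excerpt of a Dependency-Check JSON report (reportSchema 1.1).
const dependencyCheckReport = {
  reportSchema: "1.1",
  dependencies: [
    {
      fileName: "example-text-1.9.jar", // constructed dependency name
      vulnerabilities: [
        { name: "CVE-EXAMPLE-0001", severity: "CRITICAL", cvssv3: { baseScore: 9.8 } },
      ],
    },
    {
      fileName: "example-utils-30.1.jar", // constructed dependency name
      vulnerabilities: [
        // Older entries may carry only a CVSSv2 score.
        { name: "CVE-EXAMPLE-0002", severity: "MEDIUM", cvssv2: { score: 5.0 } },
      ],
    },
    { fileName: "example-logging-1.7.jar", vulnerabilities: [] }, // constructed, clean
  ],
};

// Constructed excerpt of `npm audit --json` output (auditReportVersion 2, npm 7).
const npmAuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-pad": { name: "example-pad", severity: "high", fixAvailable: true },
    "example-args": { name: "example-args", severity: "low", fixAvailable: false },
  },
};

// One ranking for both tools: npm says "moderate" where Dependency-Check says "MEDIUM".
const SEVERITY_RANK = { critical: 4, high: 3, medium: 2, moderate: 2, low: 1, info: 0 };

function rank(severity) {
  return SEVERITY_RANK[String(severity).toLowerCase()] ?? 0;
}

// Flatten a Dependency-Check report into one finding per (dependency, vulnerability).
function findingsFromDependencyCheck(report) {
  const findings = [];
  for (const dep of report.dependencies ?? []) {
    for (const vuln of dep.vulnerabilities ?? []) {
      // Prefer the CVSSv3 base score; fall back to CVSSv2 when that is all there is.
      const score = vuln.cvssv3?.baseScore ?? vuln.cvssv2?.score ?? null;
      findings.push({
        tool: "dependency-check",
        component: dep.fileName,
        id: vuln.name,
        severity: String(vuln.severity).toLowerCase(),
        score,
      });
    }
  }
  return findings;
}

// Flatten npm audit output into one finding per affected package.
function findingsFromNpmAudit(report) {
  return Object.values(report.vulnerabilities ?? {}).map((v) => ({
    tool: "npm-audit",
    component: v.name,
    id: v.name,
    severity: String(v.severity).toLowerCase(),
    score: null,
    fixAvailable: Boolean(v.fixAvailable),
  }));
}

// Count findings per normalised severity label.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.severity] = (counts[f.severity] ?? 0) + 1;
  return counts;
}

// Gate: the build passes only if no finding is at or above the threshold.
function gate(findings, threshold = "high") {
  const blocking = findings.filter((f) => rank(f.severity) >= rank(threshold));
  return { pass: blocking.length === 0, blocking };
}

const allFindings = [
  ...findingsFromDependencyCheck(dependencyCheckReport),
  ...findingsFromNpmAudit(npmAuditReport),
];
const verdict = gate(allFindings, "high");

console.log("findings by severity:", summarize(allFindings));
for (const f of verdict.blocking) {
  console.log(`BLOCKING [${f.tool}] ${f.component} ${f.id} (${f.severity})`);
}
console.log(verdict.pass ? "gate: PASS" : "gate: FAIL");
```

With the constructed input the gate fails on two findings (one critical from Dependency-Check, one high from npm audit); raising the threshold to `critical` leaves only the first. In a real workflow the two report objects would be read from `target/dependency-check-report.json` (or the Gradle equivalent) and from the output of `npm audit --json`, and a non-zero exit on `verdict.pass === false` would fail the job.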
---
### Workflow Example

```yaml
name: Owldency

on: push

jobs:
  owldency:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Owldency
        uses: ZupIT/owldency@v1
```

---
### Licenses

[Owldency](https://github.com/ZupIT/owldency) project icons made by [Freepik](https://www.flaticon.com/authors/freepik), [Roundicons](https://www.flaticon.com/authors/roundicons), [Icongeek26](https://www.flaticon.com/authors/icongeek26) and [Darius Dan](https://www.flaticon.com/authors/darius-dan) from [Flaticon](https://www.flaticon.com/). The source code is licensed under [Apache-2.0](https://opensource.org/licenses/Apache-2.0).