forked from Quobis/action-owasp-dependecy-track-check
-
Notifications
You must be signed in to change notification settings - Fork 0
/
example-action.yaml
34 lines (27 loc) · 1.17 KB
/
example-action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the action will run.
on: [push]
# Allows you to run this workflow manually from the Actions tab
# workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Generates a BoM and uploads it to OWASP Dependency Track
- name: Generates BoM and upload to OWASP DTrack
id: riskscoreFromDT
uses: Quobis/action-owasp-dependecy-track-check@main
with:
url: 'https://dtrack.quobis.com'
key: '${{ secrets.SECRET_OWASP_DT_KEY }}'
language: 'golang'
# Show the risk score output
- name: Get the output time
run: echo "The risk score of the project is ${{ steps.riskscoreFromDT.outputs.riskscore }}"