This action checks for Dependabot security alerts and posts a notification to Slack.
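Inputs:
- `slack-token` (required): Your Slack access token for the bot.
- `slack-channel` (required): Channel where the notification is posted.
- `github-token` (required): GitHub token used to execute the GraphQL query for the repository.
- `github-repository` (required): Name of the repository to check.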
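# Scheduled workflow that runs phrase/vulnerability_alerts_github_action,
# passing it a Slack token, a Slack channel, a GitHub token and the name of
# the repository the workflow runs in.
name: Dependabot vulnerabilities

on:
  schedule:
    # Minute 0, hour 8, Monday to Friday. GitHub evaluates cron schedules
    # in UTC.
    - cron: '0 8 * * 1-5'

# Least privilege: the only step receives its own credential through the
# `github-token` input, and nothing visible in this workflow uses the
# automatic GITHUB_TOKEN, so that token is granted no permissions.
# NOTE(review): restore a specific scope here only if the action turns out to
# rely on the automatic token as well.
permissions: {}

jobs:
  testnotify:
    name: Notify
    runs-on: ubuntu-latest
    steps:
      - name: Notify
        id: vulnerability_alerts_github_action
        # Pinned to a full commit SHA rather than a tag or branch, so the
        # code that receives the secrets below cannot change without an
        # edit to this file. Review the upstream diff before bumping it.
        uses: phrase/vulnerability_alerts_github_action@85ca43c872b642ab4e692cb573cc6f496753e4cf
        with:
          # Credentials are read from encrypted secrets, never inlined.
          slack-token: ${{ secrets.SLACK_VULNERABILITIES_NOTIFICATIONS_TOKEN }}
          slack-channel: ${{ secrets.SLACK_TEAM_INTEGRATIONS_CHANNEL }}
          # NOTE(review): keep this token limited to what the alert query
          # needs for this repository; its actual scope is not visible
          # here and should be confirmed.
          github-token: ${{ secrets.GH_VULNERABILITIES_ACTION_TOKEN }}
          # `github.repository` is the owner/name of the repository running
          # this workflow.
          github-repository: ${{ github.repository }}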