
Update owasp-dep-scan.yml #6

Update owasp-dep-scan.yml

Update owasp-dep-scan.yml #6

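# Demo workflow: pulls the AppThreat vulnerability DB and the dep-scan
# executable with ORAS, scans the .NET solution under src/, and uploads the
# generated reports as a build artifact.
name: OWASP dep-scan demo
on:
  push:
    branches: ["main"]

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository
# for checkout; no step writes back to it.
permissions:
  contents: read

jobs:
  scan:
    name: Create SBOM of .NET solution
    runs-on: ubuntu-latest
    env:
      # Absolute path shared by all steps. The previous relative value
      # ("vdb_data") stopped resolving once the scan step ran `cd src`, so
      # `$VDB_HOME/depscan` pointed at src/vdb_data/depscan, which is never
      # created.
      VDB_HOME: "${{ github.workspace }}/vdb_data"
    steps:
      # NOTE(review): the actions below are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA (third-party actions first)
      # keeps a retagged release from changing what runs in this job.
      - uses: actions/checkout@v4
      - name: Install and set up ORAS
        uses: oras-project/setup-oras@v1
      - name: Download vulnerability DB and dep-scan
        # NOTE(review): `:v5` and `:v4` are mutable tags, and the depscan
        # artifact pulled here is executed in the next step. Consider pulling
        # by digest (`@sha256:<digest-placeholder>`) so the executed binary
        # is a reviewed one.
        run: |
          mkdir -p "$VDB_HOME"
          oras pull ghcr.io/appthreat/vdb:v5 -o "$VDB_HOME"
          oras pull ghcr.io/appthreat/depscan:v4 -o "$VDB_HOME"
      - name: Run depscan
        env:
          # Quoted: environment values reach the process as strings.
          FETCH_LICENSE: "true"
        run: |
          cd src
          "$VDB_HOME/depscan" --src ReactAndAspNetCoreApp.sln --reports-dir ./reports --csaf --profile license-compliance
      - uses: actions/upload-artifact@v4
        with:
          # The scan runs inside src/, so its `./reports` is src/reports
          # relative to the workspace root that upload-artifact resolves
          # paths against.
          path: src/reports
          # Fail the job instead of only warning when no report was
          # produced, so a broken scan is not mistaken for a clean one.
          if-no-files-found: error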