GitHub Actions Vulnerability Code Scan Integration
SOOS integrates directly with your GitHub projects and offers a deep dependency tree scan for open source package vulnerabilities, license usage, and governance rules. Automate vulnerability scans of your GitHub projects when you execute a build or commit a change.
SCAN YOUR CODE
AND TRY FOR FREE!*
Unlimited Projects. Unlimited Users. Unlimited Scans.
No credit card is required.
Find. Prioritize. Fix. Monitor.
Open source intelligence and open source license management for all your teams.
How easy is SOOS GitHub Actions Integration?
It’s easy getting SOOS scans integrated with GitHub Actions.
From the SOOS app, click Integrate, go to CI/CD/Repo integrations, choose GitHub Actions, and follow the instructions. Upload the provided SOOS files to your repo, set up your environment variables, and add our GitHub Action to your workflow.
What else do you get with SOOS?
- Unlimited Projects
- Unlimited Users
- Unlimited Scans
- CI/CD Integrations
- Typo Detection
- Suggested Fixes
- Rich Vulnerability Management Dashboards
- SBOM generation
- Open Source License Management
- Issue Trackers
- Robust Governance Package
Integrations
We support major programming languages.
Java
Python
Ruby
.NET
JavaScript
PHP
Gradle
Rust
Dart
Homebrew
Elixir
ErlangSOOS builds a comprehensive database by following the deep dependency tree of any open source project to find reported vulnerabilities and remediations (including those found deep in open source code project repositories like Github security issues) which is used by SOOS’s cloud-based software vulnerability scanner. This means you don’t miss important warnings about libraries/packages you have included in your application. SOOS also supports vulnerability analysis for Node/NPM, RUBY, Java/Maven, and .NET/NuGet
