Project Ideas VulnerableCode ScanCode Toolkit GitHub Action - aboutcode-org/aboutcode GitHub Wiki

This project requires a running public instance of VulnerableCode that the action can query.

The goal is to create a GitHub action that would:

  • scan the codebase for packages with an SBOM tool such as ScanCode-toolkit and collect their Package URLs (purls)
  • look up each purl in VulnerableCode to check whether that package version is affected by a known vulnerability
  • report the results in the workflow log and fail the job if any vulnerable package is found
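The three steps above, as an added example that is not code from the aboutcode project: a small Python script that reads a ScanCode-toolkit JSON report, collects purls, sends them to a VulnerableCode instance, and exits non-zero when any package is affected. It assumes the report carries a top-level `packages` list (and, for older reports, per-file `packages` entries) with a `purl` field, that the instance exposes a `POST /api/packages/bulk_search` endpoint taking `{"purls": [...]}`, and that each returned package record has an `affected_by_vulnerabilities` list whose items carry a `vulnerability_id`; adjust the constants if your deployment differs. The sample report and the stub lookup at the bottom are constructed so the script can be exercised offline.

```python
"""Check purls from a ScanCode-toolkit JSON report against VulnerableCode."""
import json
import sys
import urllib.request

# Assumed public instance and endpoint; adjust to your deployment.
VULNERABLECODE_URL = "https://public.vulnerablecode.io"
BULK_SEARCH_PATH = "/api/packages/bulk_search"


def extract_purls(scan_result: dict) -> set:
    """Collect unique purls from a ScanCode JSON report.

    Assumes packages appear either in a top-level ``packages`` list or,
    in older report layouts, under each entry of ``files``.
    """
    purls = set()
    for pkg in scan_result.get("packages", []) or []:
        if pkg.get("purl"):
            purls.add(pkg["purl"])
    for file_entry in scan_result.get("files", []) or []:
        for pkg in file_entry.get("packages", []) or []:
            if pkg.get("purl"):
                purls.add(pkg["purl"])
    return purls


def query_vulnerablecode(purls, base_url: str = VULNERABLECODE_URL) -> list:
    """Send the purls to the (assumed) bulk search endpoint; returns package records."""
    body = json.dumps({"purls": sorted(purls)}).encode()
    req = urllib.request.Request(
        base_url + BULK_SEARCH_PATH,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def vulnerable_packages(records: list) -> dict:
    """Map each affected purl to the sorted list of vulnerability ids reported for it."""
    hits = {}
    for rec in records:
        vulns = rec.get("affected_by_vulnerabilities") or []
        if vulns:
            hits[rec["purl"]] = sorted(v.get("vulnerability_id", "?") for v in vulns)
    return hits


def run(scan_result: dict, query=query_vulnerablecode) -> int:
    """Return 0 when no package is affected, 1 otherwise; emits GitHub Actions annotations."""
    purls = extract_purls(scan_result)
    if not purls:
        print("::notice::no packages with a purl found in the scan result")
        return 0
    hits = vulnerable_packages(query(purls))
    for purl, ids in sorted(hits.items()):
        # "::error::" is the GitHub Actions workflow command for an error annotation.
        print(f"::error::{purl} is affected by {', '.join(ids)}")
    print(f"checked {len(purls)} purls, {len(hits)} vulnerable")
    return 1 if hits else 0


# Constructed sample data (not a real scan or real VulnerableCode output).
SAMPLE_SCAN = {
    "packages": [{"purl": "pkg:pypi/example-lib@1.0.0"}, {"purl": "pkg:npm/example-pkg@2.0.0"}],
    "files": [{"path": "setup.py", "packages": [{"purl": "pkg:pypi/example-lib@1.0.0"}]}],
}
SAMPLE_RECORDS = [
    {"purl": "pkg:pypi/example-lib@1.0.0",
     "affected_by_vulnerabilities": [{"vulnerability_id": "VCID-example-0001"}]},
    {"purl": "pkg:npm/example-pkg@2.0.0", "affected_by_vulnerabilities": []},
]


def stub_query(purls):
    """Offline stand-in for query_vulnerablecode returning the constructed records."""
    return [r for r in SAMPLE_RECORDS if r["purl"] in purls]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:  # path to a real ScanCode JSON report
            sys.exit(run(json.load(fh)))
    sys.exit(run(SAMPLE_SCAN, query=stub_query))
```

Run it as `python check_vulns.py scancode-output.json` in a workflow step after `scancode --package --json-pp scancode-output.json .`; the non-zero exit status is what makes the job fail, and the `::error::` lines surface as annotations on the run.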

This requires code that carries out these steps reliably (scanning, querying, reporting, and setting the job status). Ultimately the action could be registered with GitHub so it can be dropped into a workflow with a single `uses:` line.