This action scans the target repository and extracts its dependency file (SBOM), producing a list of both direct and transitive dependencies. This list of dependencies is saved to a GCP bucket. The SBOM (dependency list) is also used to generate the vulnerability list (VAX). The VAX file is finally made available to the client in their GCP bucket.
Required. Service account credential for the GCP account.
Required. GitHub token for accessing the contents of the repository.
Required. Repository owner name.
Required. Name of the repo to be scanned.
Defines input to the Action.
Core logic of the plugin.
Defines project configuration.
Auto-generated complete dependency tree.