SCANOSS GitHub Actions adds Dependency Track integration
The SCANOSS GitHub Actions integration has been extended to support Dependency Track.

This update lets you:

– Convert scan results into CycloneDX SBOMs
– Upload results as artifacts
– Apply Dependency Track policies directly in the workflow

The same capabilities are also supported in the SCANOSS Python CLI:

scanoss-py export dt
scanoss-py ins dt

Repo → https://github.com/scanoss/gha-code-scan