
Dependabot CISA Known Exploitable Vulnerabilities


Detect open Dependabot alerts whose CVEs appear in the CISA Known Exploited Vulnerabilities (KEV) catalog

Installation

Copy and paste the following snippet into your .yml file.

```yaml
- name: Dependabot CISA Known Exploitable Vulnerabilities
  uses: advanced-security/dependabot-kev-action@v0
```

Learn more about this action in advanced-security/dependabot-kev-action

Action to detect if any open Dependabot alert CVEs are in the list of CISA Known Exploitable Vulnerabilities Catalog and fail the workflow.


```yaml
name: 'Dependabot KEV Action'
on: [push]

jobs:
  dependabot-kev-action:
    name: 'CISA KEV Compliance Check'
    runs-on: ubuntu-latest
    steps:
      - name: 'KEV Policy'
        uses: advanced-security/dependabot-kev-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.DEPENDABOT_KEV_GITHUB_TOKEN }}
```
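To make the policy check concrete, here is an added example (not the action's own code) that performs the same comparison offline: it loads a KEV catalog document and a list of Dependabot alerts, keeps only open alerts whose advisory CVE is in the catalog, and exits non-zero when any are found. It assumes the real shape of the CISA KEV JSON feed (`vulnerabilities` entries with `cveID`) and of the Dependabot alerts REST API (`state`, `security_advisory.cve_id`); every CVE ID, package name and alert below is constructed sample data.

```python
"""Added example, not the action's own code: offline KEV-vs-Dependabot check.
All feed entries, alerts, CVE IDs and package names below are constructed."""
import json
import sys

# Constructed excerpt in the shape of the CISA KEV JSON feed.
KEV_FEED = json.dumps({"catalogVersion": "example", "vulnerabilities": [
    {"cveID": "CVE-2000-0001", "vendorProject": "ExampleCo", "product": "widget"},
    {"cveID": "CVE-2000-0002", "vendorProject": "ExampleCo", "product": "gadget"},
]})

# Constructed alerts in the shape of GET /repos/{owner}/{repo}/dependabot/alerts.
DEPENDABOT_ALERTS = json.dumps([
    {"number": 1, "state": "open", "dependency": {"package": {"name": "widget"}},
     "security_advisory": {"cve_id": "CVE-2000-0001", "severity": "high"}},
    {"number": 2, "state": "dismissed", "dependency": {"package": {"name": "gadget"}},
     "security_advisory": {"cve_id": "CVE-2000-0002", "severity": "critical"}},
    {"number": 3, "state": "open", "dependency": {"package": {"name": "other"}},
     "security_advisory": {"cve_id": "CVE-2000-0003", "severity": "low"}},
    {"number": 4, "state": "open", "dependency": {"package": {"name": "ghsa-only"}},
     "security_advisory": {"cve_id": None, "severity": "medium"}},
])

def load_kev_ids(feed_json: str) -> set:
    """Return the set of CVE IDs listed in a KEV catalog document."""
    return {v["cveID"].upper() for v in json.loads(feed_json)["vulnerabilities"]}

def open_kev_alerts(alerts_json: str, kev_ids: set) -> list:
    """Open Dependabot alerts whose advisory CVE is in the KEV catalog.
    Dismissed/fixed alerts and advisories without a CVE (GHSA-only) are skipped."""
    hits = []
    for alert in json.loads(alerts_json):
        cve = (alert.get("security_advisory") or {}).get("cve_id")
        if alert.get("state") == "open" and cve and cve.upper() in kev_ids:
            hits.append({"number": alert["number"], "cve": cve.upper(),
                         "package": alert["dependency"]["package"]["name"]})
    return hits

def main() -> int:
    """Emit one workflow error annotation per hit; a non-zero exit fails the job."""
    hits = open_kev_alerts(DEPENDABOT_ALERTS, load_kev_ids(KEV_FEED))
    for h in hits:
        print(f"::error::Dependabot alert #{h['number']} ({h['package']}) is in CISA KEV: {h['cve']}")
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main())
```

In a real workflow the two documents would come from the live KEV feed and the repository's Dependabot alerts endpoint (which is what the token scopes below authorise); only alert #1 trips the check here, since #2 is dismissed, #3 is not in the catalog and #4 has no CVE.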

Required Credentials

  • GITHUB_TOKEN
    • Classic Tokens
      • repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.
    • Fine-grained personal access token permissions