GitHub Action
Dependabot CISA Known Exploitable Vulnerabilities
v0
Latest version
Detect Dependabot alerts whose CVEs appear in the CISA KEV list
Installation

Copy and paste the following snippet into your .yml file.

```yaml
- name: Dependabot CISA Known Exploitable Vulnerabilities
  uses: advanced-security/dependabot-kev-action@v0
```
This action checks whether any open Dependabot alert carries a CVE that is listed in the CISA Known Exploitable Vulnerabilities Catalog and, if one is found, fails the workflow.
```yaml
name: 'Dependabot KEV Action'
on: [push]
jobs:
  dependabot-kev-action:
    name: 'CISA KEV Compliance Check'
    runs-on: ubuntu-latest
    steps:
      - name: 'KEV Policy'
        uses: advanced-security/dependabot-kev-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.DEPENDABOT_KEV_GITHUB_TOKEN }}
```
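The core of the check described above, as an added example that is not the action's own code: match the CVE IDs of open Dependabot alerts against the CISA KEV catalog and turn any hit into a failing exit status. The sample alert and catalog JSON are constructed (with placeholder CVE and GHSA IDs) and assume the field names of the Dependabot alerts API and the KEV JSON feed as commonly published; fixed alerts and GHSA-only advisories without a CVE are skipped.

```python
import json

# Constructed sample of a Dependabot alerts API response (GET /repos/{owner}/{repo}/dependabot/alerts);
# only the fields this check reads are kept and the CVE/GHSA IDs are placeholders, not real identifiers.
SAMPLE_ALERTS_JSON = """[
 {"number": 1, "state": "open", "dependency": {"package": {"name": "example-lib"}, "manifest_path": "package-lock.json"},
  "security_advisory": {"ghsa_id": "GHSA-0000-0000-0001", "cve_id": "CVE-0000-00001"}},
 {"number": 2, "state": "open", "dependency": {"package": {"name": "example-pkg"}, "manifest_path": "requirements.txt"},
  "security_advisory": {"ghsa_id": "GHSA-0000-0000-0002", "cve_id": "CVE-0000-00002"}},
 {"number": 3, "state": "fixed", "dependency": {"package": {"name": "old-lib"}, "manifest_path": "package-lock.json"},
  "security_advisory": {"ghsa_id": "GHSA-0000-0000-0003", "cve_id": "CVE-0000-00003"}},
 {"number": 4, "state": "open", "dependency": {"package": {"name": "example-jar"}, "manifest_path": "pom.xml"},
  "security_advisory": {"ghsa_id": "GHSA-0000-0000-0004", "cve_id": null}}
]"""

# Constructed sample of the CISA KEV feed (known_exploited_vulnerabilities.json), same placeholder IDs.
SAMPLE_KEV_JSON = """{"title": "CISA Catalog of Known Exploited Vulnerabilities", "count": 2, "vulnerabilities": [
 {"cveID": "cve-0000-00001", "product": "example-lib", "dateAdded": "2024-01-01", "dueDate": "2024-01-22"},
 {"cveID": "CVE-0000-00003", "product": "old-lib", "dateAdded": "2024-01-01", "dueDate": "2024-01-22"}]}"""


def find_kev_alerts(alerts_json: str, kev_json: str) -> list:
    """Return open Dependabot alerts whose CVE is in the KEV catalog.

    Fixed/dismissed alerts and GHSA-only advisories with no CVE are skipped: the
    policy fails only on *open* alerts for CVEs CISA lists as exploited.
    """
    kev = {v["cveID"].upper(): v for v in json.loads(kev_json)["vulnerabilities"]}
    hits = []
    for alert in json.loads(alerts_json):
        cve = (alert.get("security_advisory") or {}).get("cve_id")
        if alert.get("state") != "open" or not cve or cve.upper() not in kev:
            continue
        hits.append({"alert": alert["number"], "cve": cve.upper(),
                     "package": alert["dependency"]["package"]["name"],
                     "manifest": alert["dependency"]["manifest_path"],
                     "due": kev[cve.upper()].get("dueDate")})
    return hits


def kev_policy_passes(alerts_json: str, kev_json: str) -> bool:
    """Workflow outcome: pass only when no open alert is on the KEV list."""
    return not find_kev_alerts(alerts_json, kev_json)


if __name__ == "__main__":
    for h in find_kev_alerts(SAMPLE_ALERTS_JSON, SAMPLE_KEV_JSON):
        print(f"::error::alert #{h['alert']} {h['cve']} ({h['package']} in {h['manifest']}) is in CISA KEV, due {h['due']}")
    raise SystemExit(0 if kev_policy_passes(SAMPLE_ALERTS_JSON, SAMPLE_KEV_JSON) else 1)
```

In a real workflow the two JSON documents would come from the GitHub API (with the token scopes listed under Required Credentials) and from the CISA feed; the non-zero exit is what fails the job.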
Required Credentials

- GITHUB_TOKEN
  - Classic Tokens
    - repo scope or security_events scope. For public repositories, you may instead use the public_repo scope.
  - Fine-grained personal access token permissions
    - Read-Only - Dependabot Alerts