A GitHub Action that scans your repository for dependencies and security vulnerabilities using the TrustSource ts-scan tool.
- Scans multiple dependency management systems (NPM, Maven, Gradle, Python, Nuget)
- Runs in a secure Docker container
- Easy integration with existing workflows
| Input | Description | Required |
|---|---|---|
| `api_key` | TrustSource API key for authentication | Yes |
| `project_name` | Name of the project to scan in TrustSource | Yes |
```yaml
name: Dependency Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run TrustSource Scan
        uses: TrustSource/ts-scan-action@v1
        with:
          project_name: 'my-awesome-project'
          api_key: ${{ secrets.TRUSTSOURCE_API_KEY }}
```
- Log in to your TrustSource account
- Navigate to your account settings (Administration/Scanners&API Keys)
- Generate or copy your API key
- Go to your repository settings
- Navigate to "Secrets and variables" → "Actions"
- Click "New repository secret"
- Name: `TRUSTSOURCE_API_KEY`
- Value: your TrustSource API key
- Create `.github/workflows/security-scan.yml` in your repository with the usage example above.
The action runs inside the workflow job and has full access to the checked-out repository content, allowing it to:
- Read dependency files (manifests and lock files)
- Analyze project structure
- Access source code for scanning
Like any action, it also runs with whatever `GITHUB_TOKEN` permissions the job is granted. Scanning only needs to read the checkout, so add a `permissions: contents: read` block to the workflow to keep the job at least privilege, and pass the API key only through the `secrets` context as shown above rather than writing it into the workflow file.
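As an added example that is not part of this action or its README, the following stdlib-only Python script audits a workflow file for the three hygiene points that matter when a third-party scanner gets read access to your checkout: the `api_key` input must come from the `secrets` context, a `permissions:` block must be present at workflow or job level, and every `uses:` reference should be pinned to a full commit SHA rather than a mutable tag. The sample workflow is the usage example from above; the hardened variant and the placeholder SHA (all zeros, not a real commit) are constructed here for illustration.

```python
import re

# Constructed sample: the usage workflow from this README, verbatim.
SAMPLE_WORKFLOW = """\
name: Dependency Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run TrustSource Scan
        uses: TrustSource/ts-scan-action@v1
        with:
          project_name: 'my-awesome-project'
          api_key: ${{ secrets.TRUSTSOURCE_API_KEY }}
"""

# Placeholder commit SHA for the hardened sample (constructed; not a real commit).
PLACEHOLDER_SHA = "0" * 40

# Constructed hardened variant: read-only token permissions and SHA-pinned actions.
HARDENED_WORKFLOW = """\
name: Dependency Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
permissions:
  contents: read
jobs:
  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@__SHA__
      - name: Run TrustSource Scan
        uses: TrustSource/ts-scan-action@__SHA__
        with:
          project_name: 'my-awesome-project'
          api_key: ${{ secrets.TRUSTSOURCE_API_KEY }}
""".replace("__SHA__", PLACEHOLDER_SHA)

# Constructed bad variant: API key written into the workflow file as a literal.
HARDCODED_WORKFLOW = SAMPLE_WORKFLOW.replace(
    "${{ secrets.TRUSTSOURCE_API_KEY }}", "'ts-api-key-literal'"
)

USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")            # "uses: owner/repo@ref"
SHA_PINNED = re.compile(r"@[0-9a-f]{40}$")              # ref is a full commit SHA
API_KEY = re.compile(r"^\s*api_key:\s*(.*)$")           # the action's api_key input
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}")
PERMISSIONS = re.compile(r"^\s*permissions:")           # workflow- or job-level block


def audit_workflow(text: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means all checks passed.

    This is a line-based check, not a YAML parser: it is deliberately simple so it
    runs anywhere, but it will not follow anchors, multi-line scalars or includes.
    """
    findings: list[str] = []
    lines = text.splitlines()

    if not any(PERMISSIONS.match(line) for line in lines):
        findings.append(
            "no permissions block: the job gets the repository's default "
            "GITHUB_TOKEN permissions; add 'permissions: contents: read'"
        )

    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        if m and not SHA_PINNED.search(m.group(1)):
            findings.append(
                f"line {n}: {m.group(1)} is pinned to a mutable ref, not a full commit SHA"
            )
        m = API_KEY.match(line)
        if m and not SECRET_REF.search(m.group(1)):
            findings.append(
                f"line {n}: api_key is not read from the secrets context "
                "(use ${{ secrets.<NAME> }})"
            )
    return findings


if __name__ == "__main__":
    for label, wf in (("sample", SAMPLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {label} ==")
        for finding in audit_workflow(wf) or ["ok"]:
            print(" ", finding)
```

Run it against your own `.github/workflows/security-scan.yml` by passing the file's contents to `audit_workflow`; the README example above yields three findings (no permissions block, two tag-pinned actions), and the hardened variant yields none. When you pin by SHA, keep the original tag in a trailing comment so reviewers can still see which release it corresponds to.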
This project is licensed under the terms specified in the LICENSE file.
For issues related to:
- GitHub Action: Create an issue in this repository
- TrustSource Platform: Contact TrustSource support
- TS-Scan Tool: Refer to TrustSource documentation