Dependency Risk Identification GitLab Component
This workflow identifies potential security vulnerabilities in a project's dependencies. It takes a Software Bill of Materials (SBOM) as input and analyzes the dependencies listed in it to check that they are free of known vulnerabilities and up to date.
The dependency-risk-identification component accepts the following inputs:
| Name | Description | Required | Default Value |
|---|---|---|---|
| api_url | The DevGuard API URL | No | https://api.devguard.org |
| asset_name | Name of the asset to scan | Yes | |
| token | API token for authenticating with DevGuard | Yes | |
| scan_stage | The stage where the scan is run | No | test |
| runner_tags | The runner tags used to select appropriate CI runners | No | "" |
| sbom_file | The SBOM file to use for the scan | No | test |
| needs | The jobs that this job depends on | No | "" |
| dependencies | Specifies the jobs whose artifacts this job relies on | No | "" |
| scanner_id | The ID of the scanner used to generate the SBOM | No | "sbom-upload" |
Usage Examples:
If you have the SBOM in the repository:
If you have the SBOM in an artifact from a previous job:
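The two cases above, as an added example of a `.gitlab-ci.yml` written for this page (not the component's own documentation), shown as two alternative pipeline files separated by `---`. The component path and version, the `generate-sbom` job, the asset name and the `DEVGUARD_TOKEN` variable are assumptions; only the input names come from the table above.

```yaml
# Variant A: the SBOM is committed in the repository.
include:
  # Placeholder component path and version; use the real project path and a pinned tag.
  - component: $CI_SERVER_FQDN/<group>/<project>/dependency-risk-identification@<version>
    inputs:
      asset_name: example-org/example-app   # placeholder asset name
      token: $DEVGUARD_TOKEN                # masked, protected CI/CD variable; never a literal
      sbom_file: sbom/app.cdx.json          # path of the committed SBOM, overriding the default
      scan_stage: test                      # same as the default, shown for clarity

---
# Variant B: the SBOM is produced by an earlier job and handed over as an artifact.
stages:
  - build
  - test

generate-sbom:
  stage: build
  image: alpine:3.20                        # assumption: any image carrying your SBOM generator
  script:
    - ./generate-sbom.sh > sbom.cdx.json    # placeholder for the real SBOM generation command
  artifacts:
    paths:
      - sbom.cdx.json
    expire_in: 1 day                        # keep the artifact only as long as the scan needs it

include:
  - component: $CI_SERVER_FQDN/<group>/<project>/dependency-risk-identification@<version>
    inputs:
      asset_name: example-org/example-app
      token: $DEVGUARD_TOKEN
      scan_stage: test                      # must run after the build stage that produced the SBOM
      sbom_file: sbom.cdx.json              # artifact path as written by generate-sbom
      needs: generate-sbom                  # assumption: the component takes the job name as a string
      dependencies: generate-sbom           # restricts artifact download to the SBOM job
```

Variant B ties the scan job to the SBOM job through both `needs` and `dependencies`, so the scan cannot start before the artifact exists and does not pull artifacts from unrelated jobs.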