GitHub Action: TrustyPkg Action, v0.0.1 (Pre-release)

Run Trusty against your dependencies for supply chain risks

Installation

Copy and paste the following snippet into your .yml file.

    - name: TrustyPkg Action
      uses: stacklok/trusty-action@v0.0.1

Learn more about this action in stacklok/trusty-action


Trusty Dependency Analysis Action

This action takes every dependency added within a pull request and assesses its quality using the Trusty API. If any dependency scores below the configured threshold (see Inputs below), the action fails.

If any dependency is flagged as malicious or deprecated, the action also fails.

Full language support (in line with Trusty):

  • Python
  • JavaScript
  • Java
  • Rust
  • Go

Inputs

Only one input is required for this action:

score_threshold: The minimum score required for a dependency to be considered high quality. Anything below this score will fail the action.
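A complete workflow that wires this input into a pull request check, added here as an illustration rather than taken from the project's own documentation; the checkout step, the permissions block and the threshold value 5 are assumptions, not documented by the action:

```yaml
# Added example workflow, not from the stacklok/trusty-action project itself.
# Assumptions: the action runs as a step of a pull_request-triggered job, a
# prior checkout is needed so the changed dependency files are available, and
# the score_threshold value (5) is a constructed value, not a documented default.
name: Dependency risk check

on:
  pull_request:
    branches: [main]

jobs:
  trusty:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Check out the pull request
        uses: actions/checkout@v4

      - name: TrustyPkg Action
        uses: stacklok/trusty-action@v0.0.1
        with:
          # Dependencies scoring below this value fail the job, as do any
          # dependencies Trusty marks malicious or deprecated.
          score_threshold: 5
```

Because the job fails on a low score or a malicious/deprecated flag, marking it as a required status check in branch protection blocks the merge until the dependency is replaced or the threshold is deliberately revisited.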