OtherGitLab ComponentsSoftware Composition Analysis

Software Composition Analysis (SCA)

The software-composition-analysis (SCA) workflow performs Software Composition Analysis (SCA) to detect vulnerabilities in your project’s dependencies. It scans your software for outdated or vulnerable third-party libraries, helping you manage risks early in the development process.

The sca accepts the following inputs:

NameDescriptionRequiredDefault Value
api_urlThe DevGuard API URLNohttps://api.main.devguard.org
asset_nameName of the asset to scanYes
tokenAPI token for authenticating with DevGuardYes
scan_stageThe stage where the scan is runNotest
runner_tagsThe runner tags used to select appropriate CI runners.No""

Usage Example: Here’s an example of how to call this component:

include:
- remote: "https://gitlab.com/l3montree/devguard/-/raw/main/templates/sca.yml"
  inputs:
    asset_name: "myOrgnaization/projects/myProject/assets/myAsset"
    token: "$DEVGUARD_TOKEN"