JavaRod/automatic-fixpr
Black Duck SCA - Automatic FixPR Example

This repository demonstrates how to implement automated fix pull request creation using Black Duck SCA and GitHub Actions.

What This Example Shows

  • Automatic detection of fixable vulnerabilities
  • Automated pull request creation with fixes
  • Dependency updates for security issues
  • Integration with GitHub's PR workflow

Repository Structure

automatic-fixpr/
├── .github/workflows/
│   └── nodejs-npm.yml        # GitHub Actions workflow
├── nodejs-npm/               # Sample Node.js application
│   ├── package.json
│   └── [OWASP NodeGoat code]
└── README.md

Sample Application

This example uses OWASP NodeGoat, a deliberately vulnerable Node.js application that demonstrates common security vulnerabilities.

Getting Started

  1. Fork this repository
  2. Configure Black Duck credentials in repository secrets
  3. Enable workflow permissions for PR creation
  4. Push changes to trigger automatic fix PR generation

Workflow Configuration

The workflow file demonstrates:

  • Vulnerability scanning and fix detection
  • Automated PR creation with security fixes
  • Fix validation and testing
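The following workflow is an added illustration of the shape the Getting Started steps and the bullets above describe; it is not the repository's own nodejs-npm.yml. The action name and its input names are assumed from the public Black Duck Security Scan action documentation, and BLACKDUCKSCA_URL / BLACKDUCKSCA_TOKEN are placeholder names for the variable and secret you configure in step 2, so verify both against the action's current README before use.

```yaml
name: Black Duck SCA fix PR

on:
  push:
    branches: [main]
  pull_request:

# Step 3 of Getting Started: without these the action's token cannot open a PR.
permissions:
  contents: write
  pull-requests: write

jobs:
  blackduck-sca:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      # Resolve dependencies so the scan sees what package.json actually pulls in.
      - run: npm install
        working-directory: nodejs-npm
      # Action and input names are assumed from the public Black Duck Security Scan
      # action docs; BLACKDUCKSCA_URL and BLACKDUCKSCA_TOKEN are placeholder names
      # for the repository variable and secret from step 2.
      - name: Black Duck SCA scan with automatic fix PRs
        uses: blackduck-inc/black-duck-security-scan@v2
        with:
          blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }}
          blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }}
          blackducksca_fixpr_enabled: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

  validate-fix:
    # Fix validation: run the sample app's tests on the branch a fix PR proposes.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm install && npm test
        working-directory: nodejs-npm
```

Pull requests opened with the built-in GITHUB_TOKEN do not trigger other workflow runs, so the validate-fix job will only run on the fix PRs if github_token is a personal access token or GitHub App token with pull-request write access.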

Next Steps

  • Configure fix PR templates
  • Set up approval workflows
  • Customize fix validation rules
