WhiteSource's GitHub Packages Security Action combines GitHub Actions and GitHub Packages with WhiteSource so that customers can automatically scan Docker images when they are published to GitHub Packages and get back a report of the security vulnerabilities and license information found. The results are handled inside WhiteSource the same as any other scan, but can optionally land inside GitHub as a report as well.
The WhiteSource GitHub Packages Action triggers a call to our unified agent when a new package or image is added to GitHub Packages. It automatically detects security vulnerabilities and license information in Docker images and packages when they are published to GitHub Packages, integrating container security into the CI/CD pipeline. All existing functionality for a container scan applies, as the results arrive in the WhiteSource UI per the usual workflow, but users can additionally opt to attach a JSON-formatted scan report as an artifact in GitHub.
For more information, refer to GitHub Packages Security Action.