AppSec Phoenix is happy to announce full integration with GitHub Dependabot, the free and open-source integrated tool for identifying dependency issues in open-source libraries.
What does Dependabot do:
Dependabot alleviates the pain of manual dependency updates by updating your dependencies automatically, so you can spend less time updating dependencies and more time building. Up until now, the Dependabot features we’ve brought to GitHub have focused on automated security updates, which update packages that have known vulnerabilities.
Dependabot has recently been updated to support detection of the Log4j / Log4Shell vulnerability.
What does AppSec Phoenix do:
AppSec Phoenix is a risk-based vulnerability management (RBVM) platform with application security tooling orchestration (ASTO) capabilities. We enable executives, security teams and developers to agree on targets and objectives around cloud and application security, so that developers can consistently resolve vulnerabilities across cloud and AppSec in line with executive expectations.
With AppSec Phoenix, you can now initiate and retrieve scans easily with a click of a button.
Links
Dependabot API doc: https://github.com/dependabot/api-docs
Personal access token: https://github.com/settings/tokens
For instructions on getting started with the scanner integration, refer to the AppSec Phoenix Knowledge Base.
Check out other integrations at Integration, or request a demo to see it for yourself at Request a Demo.