Automated software composition analysis at scale

This GitHub App allows technical leads and security engineers to get visibility quickly into the security risks from known vulnerabilities in dependencies used across their entire application portfolio.

The App will set up the GitHub Action for Contrast SCA across repos by committing a workflow file with the Action configured via secrets.

Any commits to the default branch or attempts to merge into the default branch will trigger the workflow. Results will be available as PR status checks, in the Actions logs, and in the Contrast web interface.

Note that you must be an Admin on at least one of the repositories in the GitHub organization on which you wish to install. Note that you must also have a Contrast account to complete the installation of this App, and the account's role must be Org Editor at minimum.

See Contrast Documentation for more details. You can also email support@contrastsecurity.com for any assistance.