This repository demonstrates how to implement automated fix pull request creation using Black Duck SCA and GitHub Actions.
- Automatic detection of fixable vulnerabilities
- Automated pull request creation with fixes
- Dependency updates for security issues
- Integration with GitHub's PR workflow
```
automatic-fixpr/
├── .github/workflows/
│   └── nodejs-npm.yml        # GitHub Actions workflow
├── nodejs-npm/               # Sample Node.js application
│   ├── package.json
│   └── [OWASP NodeGoat code]
└── README.md
```
This example uses OWASP NodeGoat, a deliberately vulnerable Node.js application that demonstrates common security vulnerabilities, so the scan is expected to report fixable findings.

To get started:
- Fork this repository
- Configure Black Duck credentials in repository secrets
- Enable workflow permissions so the action can create pull requests
- Push changes to trigger automatic fix PR generation
The workflow file demonstrates:
- Vulnerability scanning and fix detection
- Automated PR creation with security fixes
- Fix validation and testing
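An added example workflow (not the repository's own nodejs-npm.yml) showing the pieces the setup steps above refer to: the write permissions the PR creation needs, the Black Duck credentials read from repository secrets, and the fix PR switch. The secret names are assumptions; the action inputs follow the documented names of blackduck-inc/black-duck-security-scan as I understand them.

```yaml
name: Black Duck SCA fix PR
on:
  push:
    branches: [main]

# Creating a fix PR means pushing a branch and opening a pull request, so the
# job token needs write scopes explicitly (GITHUB_TOKEN is read-only by default).
permissions:
  contents: write
  pull-requests: write

jobs:
  blackduck-fixpr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 18

      # Install the sample app's dependencies so the scan sees the resolved tree.
      - run: npm ci
        working-directory: nodejs-npm

      - name: Black Duck SCA scan with automatic fix PRs
        uses: blackduck-inc/black-duck-security-scan@v2
        with:
          # Assumed secret names; create them under Settings > Secrets.
          blackducksca_url: ${{ secrets.BLACKDUCKSCA_URL }}
          blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }}
          # Open a pull request for each fixable vulnerability found.
          blackducksca_fixpr_enabled: true
          # Token the action uses to push the fix branch and open the PR.
          github_token: ${{ secrets.GITHUB_TOKEN }}
```

Scope the workflow to branches you actually want fix PRs on; every run that finds a fixable component can open a new pull request against the checked-out branch.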
You can further customize the workflow to:
- Configure fix PR templates
- Set up approval workflows
- Customize fix validation rules