| title | category | chapter | order | redirect_from |
|---|---|---|---|---|
| GitHub Advisories | Datasources | 4 | 2 | /datasources/nsp/, /datasources/npm/ |

GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Advisories may or may not be documented in the [National Vulnerability Database]({{ site.baseurl }}{% link _docs/datasources/nvd.md %}).

Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required to authenticate with GitHub, but no scopes have to be assigned to it. GitHub's documentation explains how to create a PAT.
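How a mirror of this kind can page through GitHub's GraphQL API with a scope-less PAT, as an added example (not Dependency-Track's own code). The query fields follow GitHub's public schema; the function names, the injectable `post` transport, and the choice to drop withdrawn advisories are assumptions of this example.

```python
import json
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"  # GitHub's public GraphQL endpoint

QUERY = """
query($cursor: String) {
  securityAdvisories(first: 100, after: $cursor) {
    nodes {
      ghsaId
      severity
      withdrawnAt
      identifiers { type value }
    }
    pageInfo { hasNextPage endCursor }
  }
}
"""

def build_request(token, cursor=None):
    """Build the authenticated POST; the PAT needs no scopes for this public data."""
    body = json.dumps({"query": QUERY, "variables": {"cursor": cursor}}).encode()
    return urllib.request.Request(
        GRAPHQL_URL, data=body, method="POST",
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"},
    )

def http_post(req):
    """Default transport: send the request and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def mirror_advisories(token, post=http_post):
    """Walk every page, following endCursor until hasNextPage is false."""
    advisories, cursor = {}, None
    while True:
        reply = post(build_request(token, cursor))
        if reply.get("errors"):  # GraphQL reports query failures in the response body
            raise RuntimeError(f"GraphQL error: {reply['errors'][0].get('message')}")
        page = reply["data"]["securityAdvisories"]
        for node in page["nodes"]:
            if node.get("withdrawnAt"):  # assumption of this example: skip withdrawn entries
                advisories.pop(node["ghsaId"], None)
                continue
            cves = [i["value"] for i in node["identifiers"] if i["type"] == "CVE"]
            advisories[node["ghsaId"]] = {"severity": node["severity"], "cves": cves}
        if not page["pageInfo"]["hasNextPage"]:
            return advisories
        cursor = page["pageInfo"]["endCursor"]
```

The token only ever travels in the `Authorization` header and is never included in error messages, so it does not leak into logs when a refresh fails.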

[Figure: GitHub Advisories Configuration]