Connect repositories, ingest their dependency graph, and score them automatically.
name: Spyda Security Scan
on: [push, pull_request]
jobs:
spyda-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: spyda-sec/action@v2
with:
api-key: ${{ secrets.SPYDA_API_KEY }}
fail-on-threshold: true
threshold: 80Pulls the repo's SPDX dependency graph from GitHub.
Maps dependencies and licenses into a real TrustScore.
Blocks merges when TrustScore drops below threshold.
Push & PR webhooks re-score on every change.