The SCANOSS webhook is a multiplatform webhook that performs source code scans against the SCANOSS API. Supports integration with GitHub, GitLab and BitBucket APIs.
SCANOSS provides a source code scanner that can be used to detect Open Source dependencies in your code.
The purpose of this code is to offer a reference implementation that can be expanded to suit the needs of individuals and organisations.
For building and intallation see the guide How to build and deploy.
In GitLab, on the webhook user's settings, select Access Tokens. Fill in a name and expiry date, and select api scope. Then Create personal access token. Take note of the token generated.
In GitLab, go to the repository where you want to install the webhook. Then select settings, then Webhook. Fill in the form with the URL of the webhook, add a secret token, and check Push events.
gitlab:
api-base: https://gitlab.com/api/v4 # This can also be your local GitLab API endpoint
api-key: your-gitlab-access-token
secret-token: your-secret-token
scanoss:
url: https://api-url-for-scanoss.example.com
token: my-scanoss-token