MediaMarktSaturn/technolinator

GitHub: MediaMarktSaturn/technolinator

A Quarkus-based GitHub App that automates SBOM generation and analyzes dependency vulnerabilities in pull requests, with seamless Dependency-Track integration.

Stars: 23 | Forks: 2

# Technolinator

**The GitHub App for pull request vulnerability analysis as well as SBOM creation and upload to Dependency-Track.**

![dependencies](https://dtrack.mmst.eu/api/v1/badge/vulns/project/technolinator/main) ![policies](https://dtrack.mmst.eu/api/v1/badge/violations/project/technolinator/main)

🚢 ![GitHub Release](https://img.shields.io/github/v/release/MediaMarktSaturn/technolinator?sort=semver&style=flat-square&label=ghcr.io%2Fmediamarktsaturn%2Ftechnolinator%3AVERSION)

- `VERSION` does not contain the prefix `v`, and there is an image tagged `fat-VERSION` that contains more SDKs (for example Swift)

It wraps around

* [![](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2F.github%2Fworkflows%2Fci.yml&query=%24.env.CDXGEN_VERSION&style=flat-square&label=cdxgen)](https://github.com/CycloneDX/cdxgen), which covers many programming languages and build systems for SBOM creation
* [![](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2F.github%2Fworkflows%2Fci.yml&query=%24.env.SBOMQS_VERSION&style=flat-square&label=sbomqs)](https://github.com/interlynk-io/sbomqs) for rating the quality of SBOMs
* [![](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2F.github%2Fworkflows%2Fci.yml&query=%24.env.DEPSCAN_VERSION&style=flat-square&label=depscan)](https://github.com/owasp-dep-scan/dep-scan) for creating vulnerability reports in pull requests
* or optionally [![](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2F.github%2Fworkflows%2Fci.yml&query=%24.env.GRYPE_VERSION&style=flat-square&label=grype)](https://github.com/anchore/grype) as an alternative to depscan

It is built on [![](https://img.shields.io/badge/dynamic/xml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2Fpom.xml&query=%2F%2F*%5Blocal-name()%20%3D%20'quarkus.platform.version'%5D%2Ftext()&style=flat-square&label=Quarkus)](https://quarkus.io/), and the GitHub integration is handled by [![](https://img.shields.io/badge/dynamic/xml?url=https%3A%2F%2Fraw.githubusercontent.com%2FMediaMarktSaturn%2Ftechnolinator%2Fmain%2Fpom.xml&query=%2F%2F*%5Blocal-name()%20%3D%20'quarkus-github-app.version'%5D%2Ftext()&style=flat-square&label=Quarkiverse%20GitHub%20App)](https://quarkiverse.github.io/quarkiverse-docs/quarkus-github-app/dev/index.html).

## Overview

![](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/22119246e5172145.png)

## Documentation

* Using Technolinator
  * [Repository-specific configuration](docs/Repository_Config.md)
* Operating Technolinator
  * [Runtime configuration](docs/Runtime_Config.md)
  * [Deployment configuration](docs/Deployment_Config.md)
  * [Adapting to your needs](docs/Adoption.md)
* Maintaining Technolinator
  * [Project structure](docs/Project_Structure.md)
  * [Contribution](docs/Contribution.md)

_This repository is published under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)_

**_Get to know us 👉 [https://mms.tech](https://mms.tech) 👈_**