Atomist is currently in Early Access. Features and APIs are subject to change.
With no configuration required, Atomist already draws vulnerability data from several public advisories. You can extend this by adding your own, custom advisories if you wish.
Adding and updating advisories
To add your own advisories:
Create a repository called
atomist-advisoriesin the GitHub account where you’ve installed the Atomist GitHub app.
In the default branch of the repository, add a new JSON file called
<source>/<source id>.json, where:
sourceshould be the name of your company
source-idhas to be a unique id for the advisory within
The JSON file must follow the schema defined in Open Source Vulnerability format.
Refer to the GitHub Advisory Database for examples of advisories.
Delete an advisory from the database by removing the corresponding JSON advisory
file from the
advisories, vulnerabilities, databases, open source, configure, security, atomist
Atomist only considers additions, changes and removals of JSON advisory files in the repository’s default branch.