Verja - serverless subscriptions of CVE reports

Verja on GitHub Marketplace

When you have a varied stack of tools, services, frameworks, etc., it can be hard to track Common Vulnerabilities and Exposures (CVEs) for them. There are a bunch of different services out there to help you, but I never found one that suited me, so based on an idea from another project, I wrote a GitHub Action called Verja.

Verja is a GitHub Action that you can add to a private repo to get automatic alerts in Slack and Jira tickets. The repo needs to be private because you are storing secrets in it.

You can configure it to post to a Slack channel, to create Jira tickets for you, or both.

If you do not want to run it as a serverless GitHub Action, you can also run it in Docker or some other way (like a cronjob in Kubernetes).

The GitHub Action is pretty easy to configure; the important part is to be granular about which CVEs you subscribe to, otherwise you could get spammed...

To read more about Verja and how to use it, head over to GitHub Marketplace.

Verja is, by the way, Icelandic for guard or defend.