# Security configuration

Here we show how to set up and configure all features to get the most out of the security tool.

# Enable pull request support

For Debricked to generate pull requests on your behalf, you need to do some configuration based on the platform.

# Enable Vulnerable Functionality for your repository

To enable Vulnerable Functionality (currently only supported for Java Maven), you must set up an integration using GitHub Actions. Once GitHub Actions is set up, adding Vulnerable Functionality analysis is easy. Simply add a line using the Vulnerable Functionality action, as below.

```yaml
name: Vulnerability scan

on: [push, pull_request]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - uses: debricked/vulnerable-functionality/java/maven@master
    - uses: debricked/actions/scan@v1
      env:
        DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
        UPLOAD_ALL_FILES: "true"
```

Please note that you need to add the Vulnerable Functionality step after the checkout step, but before the scan step.

# Configuring Vulnerable Functionality

By default, Vulnerable Functionality assumes your root pom.xml file is in the base repository directory. If it is not, you need to specify where it is, as shown below.

```yaml
name: Vulnerability scan

on: [push, pull_request]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - uses: debricked/vulnerable-functionality/java/maven@master
      with:
        root-pom-directory: 'path/to/directory/with/root/pom'
    - uses: debricked/actions/scan@v1
      env:
        DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
        UPLOAD_ALL_FILES: "true"
```
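
A misordered step or a wrong `root-pom-directory` is easy to miss in review, so the two requirements above (step order, and the location of the root pom.xml) can be checked before a workflow is merged. The following is an added example, not Debricked's own tooling: `check_workflow` and its messages are hypothetical, it scans `uses:` lines as text without a YAML parser, and it assumes one job per workflow file, as in the workflows on this page.

```python
import os
import re

CHECKOUT = "actions/checkout"
VULN_FUNC = "debricked/vulnerable-functionality/java/maven"
SCAN = "debricked/actions/scan"

# Action name without its @ref, and the value of root-pom-directory.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@'\"\s]+)")
POM_DIR_RE = re.compile(r"^\s*root-pom-directory:\s*['\"]?([^'\"]+?)['\"]?\s*$")


def check_workflow(text, repo_root=".", is_file=os.path.isfile):
    """Return a list of problems in one single-job workflow's text."""
    order, pom_dir = [], "."  # default: root pom.xml in the base directory
    for line in text.splitlines():
        if m := USES_RE.match(line):
            order.append(m.group(1))
        elif m := POM_DIR_RE.match(line):
            pom_dir = m.group(1)
    if VULN_FUNC not in order:
        return ["Vulnerable Functionality step is missing"]
    problems = []
    vf = order.index(VULN_FUNC)
    if CHECKOUT not in order[:vf]:
        problems.append("Vulnerable Functionality step must come after checkout")
    if SCAN not in order[vf + 1:]:
        problems.append("Vulnerable Functionality step must come before scan")
    pom = os.path.normpath(os.path.join(repo_root, pom_dir, "pom.xml"))
    if not is_file(pom):
        problems.append(f"no root pom.xml at {pom}")
    return problems


# Constructed sample: the page's steps with the scan step moved too early.
BAD = """\
    steps:
    - uses: actions/checkout@v2
    - uses: debricked/actions/scan@v1
    - uses: debricked/vulnerable-functionality/java/maven@master
      with:
        root-pom-directory: 'services/api'
"""

if __name__ == "__main__":
    for problem in check_workflow(BAD):
        print("workflow problem:", problem)
```

Run it against each workflow file's contents with `repo_root` set to the checked-out repository, and fail the check when the returned list is non-empty.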