security-workflow-sync is an open-source tool that bridges GitHub Dependabot vulnerability alerts into task management tools like Asana, solving the problem of security alerts being ignored because developers work in project management tools rather than GitHub's Security tab. It runs via a single Docker command, supports bootstrapping an Asana project with severity sections and custom fields, syncs open alerts as tasks with advisory details, handles team ownership assignment per repository, supports filtering by repo, and can be scheduled hourly via GitHub Actions. Jira, Linear, and GitHub Issues integrations are planned.
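The sync step the summary describes (open alerts become tasks in severity sections, owners assigned per repository, optional repo filter), as an added example that is not the project's own code; it also covers the closing side a scheduled sync needs, so tasks whose alert is fixed or dismissed do not linger. It assumes the field layout of GitHub's REST Dependabot alerts API and uses constructed sample alerts; the ownership map and package names are placeholders.

```python
# Assumption: alert dicts use the field layout of GitHub's REST Dependabot alerts
# API; each existing task stores its alert's html_url so re-runs are idempotent.
SECTIONS = {"critical": "Critical", "high": "High", "medium": "Medium", "low": "Low"}
OWNERS = {"acme/api": "platform-team", "acme/web": "frontend-team"}  # constructed

def task_for(alert):
    """Build the task that should exist for one open alert."""
    repo, adv = alert["repository"]["full_name"], alert["security_advisory"]
    vuln, pkg = alert["security_vulnerability"], alert["dependency"]["package"]["name"]
    patched = (vuln.get("first_patched_version") or {}).get("identifier", "none")
    return {
        "key": alert["html_url"],                      # stable id across runs
        "name": f"[{repo}] {adv['severity'].upper()}: {pkg} ({adv['ghsa_id']})",
        "section": SECTIONS.get(adv["severity"], "Low"),
        "owner": OWNERS.get(repo),                     # None = unassigned, a visible gap
        "notes": (f"{adv['summary']}\nVulnerable: {vuln['vulnerable_version_range']}"
                  f"\nPatched in: {patched}\n{alert['html_url']}"),
    }

def plan_sync(alerts, existing_keys, repo_filter=None):
    """Return (tasks to create, task keys to close). Only open alerts get tasks; a
    task closes only when its alert was fetched and is no longer open, so repos
    excluded by the filter never have their tasks closed by mistake."""
    create, close = [], []
    for a in alerts:
        if repo_filter and a["repository"]["full_name"] not in repo_filter:
            continue
        key = a["html_url"]
        if a["state"] == "open" and key not in existing_keys:
            create.append(task_for(a))
        elif a["state"] != "open" and key in existing_keys:
            close.append(key)
    return create, close

def _alert(n, repo, state, sev, pkg, rng, patched):
    """Constructed sample alert (not a real advisory) in the API's layout."""
    return {"number": n, "state": state, "repository": {"full_name": repo},
            "html_url": f"https://github.com/{repo}/security/dependabot/{n}",
            "security_advisory": {"severity": sev, "ghsa_id": f"GHSA-xxxx-{n}",
                                  "summary": f"Constructed issue in {pkg}"},
            "dependency": {"package": {"name": pkg}},
            "security_vulnerability": {"vulnerable_version_range": rng,
                "first_patched_version": {"identifier": patched} if patched else None}}

SAMPLE_ALERTS = [  # constructed; states "open" and "fixed" are real API values
    _alert(1, "acme/api", "open", "critical", "lodash", "< 4.17.21", "4.17.21"),
    _alert(2, "acme/api", "fixed", "high", "axios", "< 1.6.0", "1.6.0"),
    _alert(3, "acme/web", "open", "medium", "minimist", "< 1.2.6", None),
]
```

Running `plan_sync(SAMPLE_ALERTS, existing_keys)` with the fixed alert's URL already tracked yields two tasks to create and one to close; passing `repo_filter={"acme/web"}` leaves the other repo's tasks untouched.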

From implementing.substack.com