Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 6f89bd5

Browse filesBrowse files
Pankajcoder1Pankajcoder1
authored
add dependency review workflow
1 parent 27b56e0 commit 6f89bd5
Copy full SHA for 6f89bd5

File tree

1 file changed

+20
-0
lines changed
Filter options

1 file changed

+20
-0
lines changed

‎.github/workflows/dependency-review.yml

Copy file name to clipboard
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Dependency Review Action
2+
#
3+
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
4+
#
5+
# Source repository: https://github.com/actions/dependency-review-action
6+
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
7+
name: 'Dependency Review'
8+
on: [pull_request]
9+
10+
permissions:
11+
contents: read
12+
13+
jobs:
14+
dependency-review:
15+
runs-on: ubuntu-latest
16+
steps:
17+
- name: 'Checkout Repository'
18+
uses: actions/checkout@v3
19+
- name: 'Dependency Review'
20+
uses: actions/dependency-review-action@v2

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.