File tree 1 file changed +24
-0
lines changed
1 file changed +24
-0
lines changed Original file line number Diff line number Diff line change 1+ # Dependency Review Action
2+ #
3+ # This Action will scan dependency manifest files that change as part of a Pull Request,
4+ # surfacing known-vulnerable versions of the packages declared or updated in the PR.
5+ # Once installed, if the workflow run is marked as required,
6+ # PRs introducing known-vulnerable packages will be blocked from merging.
7+ #
8+ # Source repository: https://github.com/actions/dependency-review-action
9+ name : ' Dependency Review'
10+
11+ on : [pull_request]
12+
13+ permissions :
14+ contents : read
15+
16+ jobs :
17+ dependency-review :
18+ runs-on : ubuntu-latest
19+ steps :
20+ - name : ' Checkout Repository'
21+ uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
22+
23+ - name : ' Dependency Review'
24+ uses : actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
You can’t perform that action at this time.
0 commit comments