File tree 1 file changed +22
-0
lines changed
1 file changed +22
-0
lines changed Original file line number Diff line number Diff line change 1+ # Dependency Review Action
2+ #
3+ # This Action will scan dependency manifest files that change as part of a Pull Request,
4+ # surfacing known-vulnerable versions of the packages declared or updated in the PR.
5+ # Once installed, if the workflow run is marked as required,
6+ # PRs introducing known-vulnerable packages will be blocked from merging.
7+ #
8+ # Source repository: https://github.com/actions/dependency-review-action
9+ name : ' Dependency Review'
10+ on : [pull_request]
11+
12+ permissions :
13+ contents : read
14+
15+ jobs :
16+ dependency-review :
17+ runs-on : ubuntu-latest
18+ steps :
19+ - name : ' Checkout Repository'
20+ uses : actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
21+ - name : ' Dependency Review'
22+ uses : actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
You can’t perform that action at this time.
0 commit comments