Files

47 lines
2.1 KiB
YAML
Raw Permalink Normal View History

2022-03-31 18:31:39 +02:00
name: 'Dependency Review'
2022-04-06 16:03:35 -04:00
description: 'Prevent the introduction of dependencies with known vulnerabilities'
2022-03-31 18:31:39 +02:00
author: 'GitHub'
inputs:
repo-token:
2022-06-14 09:05:05 +02:00
description: Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
2022-03-31 18:31:39 +02:00
required: false
default: ${{ github.token }}
2022-06-14 07:40:16 +02:00
fail-on-severity:
2022-06-14 09:05:05 +02:00
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
2022-06-14 07:40:16 +02:00
required: false
default: 'low'
2022-09-15 20:07:28 +00:00
fail-on-scopes:
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
required: false
default: 'runtime'
base-ref:
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
head-ref:
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
config-file:
2022-10-21 17:38:18 +02:00
description: A path to the configuration file for the action.
required: false
2022-06-14 07:50:25 +02:00
allow-licenses:
2022-06-14 07:40:16 +02:00
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
2022-06-14 07:50:25 +02:00
deny-licenses:
2022-06-14 07:40:16 +02:00
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
2022-09-23 19:59:39 +00:00
allow-ghsas:
description: Comma-separated list of allowed Github Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
required: false
2022-11-08 11:16:26 +00:00
external-repo-token:
description: A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
required: false
license-check:
description: A boolean to determine if license checks should be performed
required: false
vulnerability-check:
description: A boolean to determine if vulnerability checks should be performed
required: false
2022-03-31 18:31:39 +02:00
runs:
using: 'node16'
main: 'dist/index.js'