Files
dependency-review-action/action.yml
T

32 lines
1.4 KiB
YAML
Raw Normal View History

2022-03-31 18:31:39 +02:00
name: 'Dependency Review'
2022-04-06 16:03:35 -04:00
description: 'Prevent the introduction of dependencies with known vulnerabilities'
2022-03-31 18:31:39 +02:00
author: 'GitHub'
inputs:
repo-token:
2022-06-14 09:05:05 +02:00
description: Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
2022-03-31 18:31:39 +02:00
required: false
default: ${{ github.token }}
2022-06-14 07:40:16 +02:00
fail-on-severity:
2022-06-14 09:05:05 +02:00
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
2022-06-14 07:40:16 +02:00
required: false
default: 'low'
2022-09-15 20:07:28 +00:00
fail-on-scopes:
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
required: false
default: 'runtime'
base-ref:
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
head-ref:
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
2022-06-14 07:50:25 +02:00
allow-licenses:
2022-06-14 07:40:16 +02:00
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
2022-06-14 07:50:25 +02:00
deny-licenses:
2022-06-14 07:40:16 +02:00
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
2022-03-31 18:31:39 +02:00
runs:
using: 'node16'
main: 'dist/index.js'