2022-03-31 18:31:39 +02:00
name : 'Dependency Review'
2022-04-06 16:03:35 -04:00
description : 'Prevent the introduction of dependencies with known vulnerabilities'
2022-03-31 18:31:39 +02:00
author : 'GitHub'
inputs :
repo-token :
2022-06-14 09:05:05 +02:00
description : Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
2022-03-31 18:31:39 +02:00
required : false
default : ${{ github.token }}
2022-06-14 07:40:16 +02:00
fail-on-severity :
2022-06-14 09:05:05 +02:00
description : Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
2022-06-14 07:40:16 +02:00
required : false
default : 'low'
2022-09-15 20:07:28 +00:00
fail-on-scopes :
description : Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
required : false
default : 'runtime'
2022-07-21 15:47:05 -04:00
base-ref :
description : The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required : false
head-ref :
description : The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required : false
2022-09-20 15:15:14 +02:00
config-file :
2022-10-21 17:38:18 +02:00
description : A path to the configuration file for the action.
2022-09-20 15:15:14 +02:00
required : false
2022-06-14 07:50:25 +02:00
allow-licenses :
2022-06-14 07:40:16 +02:00
description : Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required : false
2022-06-14 07:50:25 +02:00
deny-licenses :
2022-06-14 07:40:16 +02:00
description : Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required : false
2022-09-23 19:59:39 +00:00
allow-ghsas :
2022-12-08 10:32:03 -05:00
description : Comma-separated list of allowed GitHub Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
2022-09-23 19:59:39 +00:00
required : false
2022-11-08 11:16:26 +00:00
external-repo-token :
2022-11-04 14:51:41 +00:00
description : A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
2022-10-21 17:34:20 +02:00
required : false
2022-11-11 14:56:07 +01:00
license-check :
description : A boolean to determine if license checks should be performed
required : false
vulnerability-check :
description : A boolean to determine if vulnerability checks should be performed
required : false
2023-02-03 10:35:46 +00:00
comment-summary-in-pr :
description : A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
required : false
2022-03-31 18:31:39 +02:00
runs :
using : 'node16'
main : 'dist/index.js'