9cdb91e238388937d91ed6cf8c34a839b6dcf188
dependency-review-action
This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions.
The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.
Installation
- Add a new YAML workflow to your
.github/workflowsfolder:
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v1
Getting help
If you have bug reports, questions or suggestions please create a new issue.
Contributing
We are grateful for any contributions made to this project.
Please read CONTRIBUTING.MD to get started.
License
This project is released under the MIT License.
Description
Languages
TypeScript
98.2%
Ruby
1.7%
JavaScript
0.1%