From ba9d3788e41756554f71500303a39dbea535b6ef Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Tue, 6 Feb 2024 12:55:25 -0600 Subject: [PATCH] Changing default behavior to include comment summary in PR also gave the workflow the appropriate permissions required, pull-requests: write --- code-scanning/dependency-review.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code-scanning/dependency-review.yml b/code-scanning/dependency-review.yml index 14255a9..74e66ed 100644 --- a/code-scanning/dependency-review.yml +++ b/code-scanning/dependency-review.yml @@ -20,8 +20,8 @@ on: # https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api permissions: contents: read - # Required if `comment-summary-in-pr: true` is uncommented below - # pull-requests: write + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option + pull-requests: write jobs: dependency-review: @@ -32,8 +32,8 @@ jobs: - name: 'Dependency Review' uses: actions/dependency-review-action@v4 # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. - # with: + with: + comment-summary-in-pr: always # fail-on-severity: moderate - # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later - # comment-summary-in-pr: true + # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later # retry-on-snapshot-warnings: true