mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-19 06:56:53 +00:00
Included dependency review check (#33)
> This action scans your pull requests for dependency changes and will raise an error if any > new dependencies have existing vulnerabilities. The action is supported > by an API endpoint that diffs the dependencies between any two revisions. - Included the https://github.com/actions/dependency-review-action Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
This commit is contained in:
Naveen
GitHub
14
.github/workflows/depsreview.yml
vendored
Normal file
14
.github/workflows/depsreview.yml
vendored
Normal file
@@ -0,0 +1,14 @@
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@3f943b86c9a289f4e632c632695e2e0898d9d67d
|
||||
Reference in New Issue
Block a user