Commit Graph

73 Commits

Author SHA1 Message Date
Sarah Aladetan
062b749663 revise ghsa filter 2022-09-22 22:36:34 +00:00
Sarah Aladetan
4f00b72b84 filter allowed ghsas in action flow 2022-09-22 22:25:21 +00:00
Sarah Aladetan
602f968ea2 create a filter for vulns that are on the allowlist 2022-09-22 21:36:26 +00:00
Sarah Aladetan
bd61ea0d9e create config option for ghsa allowlist 2022-09-22 21:34:18 +00:00
Federico Builes
4d3b8e5269 Clarify code a bit. 2022-09-21 17:01:00 +02:00
Federico Builes
54cd9a7cba Merge branch 'main' into external-config
# Conflicts:
#	README.md
#	__tests__/config.test.ts
#	dist/index.js.map
#	src/config.ts
#	src/schemas.ts
2022-09-21 16:50:02 +02:00
Federico Builes
c4693c00ac Raise errors for invalid values in the external config. 2022-09-21 16:30:05 +02:00
Sarah Aladetan
de48c615a3 build and package scope filtering 2022-09-20 15:18:31 +00:00
Federico Builes
eef7e39202 Accept options from both sources, prioritize external config. 2022-09-20 15:52:34 +02:00
Federico Builes
61f19e6447 Let the users set the path for the config file. 2022-09-20 15:15:14 +02:00
Federico Builes
4b4ec08f7b Make sure we get rid of the ridiculous dashes in the names. 2022-09-19 17:28:59 +02:00
Federico Builes
a91c3ac205 Split reading inline/external configuration options. 2022-09-19 17:28:44 +02:00
Federico Builes
bf0cb7fac4 Add a default config file. 2022-09-19 17:28:20 +02:00
Sarah Aladetan
10bc05df70 ensure scope filtering is backward compatible with enterprise rest api versions 2022-09-16 19:13:58 +00:00
Federico Builes
8ef181b2cb Read a hardcoded config file. 2022-09-16 14:30:57 +02:00
Sarah Aladetan
0d23c39a5d filter by scope in action 2022-09-15 20:03:27 +00:00
Sarah Aladetan
6549b27685 add configuration for scopes to fail on 2022-09-15 18:48:58 +00:00
Sarah Aladetan
f4b16c52e5 add method to filter changes by given scopes 2022-09-15 18:00:07 +00:00
Sarah Aladetan
1a7a37c468 add scope to change schema 2022-09-15 17:53:34 +00:00
Federico Builes
5da7945e2b Fixing lint/dist. 2022-08-18 16:15:03 +02:00
Federico Builes
0e0d6ec5d6 Merge branch 'main' into add-summary 2022-08-18 16:11:15 +02:00
Tiago Pascoal
dfcdb87cb3 Fix typo
Co-authored-by: Eric Cornelissen <ericornelissen@gmail.com>
2022-08-07 12:36:42 +01:00
Tiago Pascoal
aef949f026 Show vulnerabilities and license information on the job summary.
Users can see the results that were found directly on the job summary

All the results are grouped by manifest.

It shows a table with vulnerable packages, together with package version,
the vulnerability info and its severity.

Shows info about package licenses, which packages have a non allowed license,
and the list of packages with unknown licenses.
2022-08-04 15:35:07 +00:00
Will Da Silva
388b1a309d Support user-provided base/head refs & non-PR workflows 2022-07-21 15:47:05 -04:00
Kenichi Kamiya
c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Kenichi Kamiya
9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya
6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya
c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Federico Builes
1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
Federico Builes
963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes
bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Courtney Claessens
dfd519642f Update schemas.ts 2022-06-14 22:37:00 -04:00
Federico Builes
42e2bc1ed2 Handle unknown licenses. 2022-06-14 13:54:27 +02:00
Federico Builes
fd6e756c7b Updating readConfig() to be more readable, get rid of typecasts.
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-06-14 11:29:13 +02:00
Federico Builes
f83a407eb9 Use the correct name for allowlists. 2022-06-14 09:46:59 +02:00
Federico Builes
76ad37608d Adding more tests for the config file. 2022-06-14 07:42:51 +02:00
Federico Builes
7278093fa0 Clarify some of the error messages. 2022-06-14 07:41:37 +02:00
Federico Builes
ef97470a0f Don't set the defaults in the test :/ 2022-06-14 07:04:26 +02:00
Federico Builes
24d7ef3c5d Use an empty config options type. 2022-06-14 06:48:58 +02:00
Federico Builes
1791775ce6 temp commit 2022-06-14 05:57:43 +02:00
Federico Builes
571f236610 Improved wording on license messages. 2022-06-13 20:08:16 +02:00
Federico Builes
cc22dcd654 Use undefined instead of null when dealing with lists. 2022-06-09 10:42:31 +02:00
Federico Builes
6b5518a9ed Adding more docs to licenses.ts 2022-06-09 10:33:05 +02:00
Federico Builes
20cca5c0c4 The default settings should not use []. 2022-06-08 18:28:10 +02:00
Federico Builes
a51db20961 Use null for unspecified values when filtering licenses. 2022-06-08 18:21:28 +02:00
Federico Builes
4ac3d318ab Refactoring on PR feedback. 2022-06-08 17:45:42 +02:00
Federico Builes
2ae9a2d51b Add logic for denied licenses. 2022-06-06 20:32:46 +02:00
Federico Builes
dc7b0a2788 Show an error when disallowed dependencies show up. 2022-06-06 20:32:46 +02:00
Federico Builes
06297bf229 Fixing failing tests 2022-06-06 20:32:46 +02:00
Federico Builes
bccacf9708 Skeleton for license validation. 2022-06-06 20:32:46 +02:00