actions/dependency-review-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NaN Commits 1 Branch 0 Tags
8cf6fcb693697d59a2ada5d661bfdb33264ec9aa
Commit Graph

151 Commits

Author SHA1 Message Date
Federico Builes
0b306aef97 Don't try to create PURLs from empty strings. 2023-05-31 16:14:02 +02:00
Stefan Petrushevski
f1c8401a59 resolve merge conflicts 2023-05-30 18:04:26 +02:00
Stefan Petrushevski
7b5fa84cfc added tests; docs and cleanup 2023-05-19 10:47:59 +02:00
Stefan Petrushevski
0574926a14 document; code style; 2023-05-16 16:50:04 +02:00
Stefan Petrushevski
1896d6f936 Clean up; updated docs 2023-04-06 10:49:30 +02:00
Stefan Petrushevski
39dca1ce09 Adjusted output 2023-04-06 10:04:48 +02:00
Stefan Petrushevski
9ad7edb033 switched to purl format 2023-04-06 09:37:42 +02:00
Justin Holguín
76b8e83d1a Use 'Unnamed Manifest' as catchall bucket 2023-03-28 16:06:07 +00:00
Justin Holguín
7e1f7be1f6 Handle dependencies with an empty manifest field 
This happens sometimes with snapshots. We just want them to be displayed properly in the HTML output.
 2023-03-24 19:07:22 +00:00
Justin Holguín
0c01e947d6 Flesh out the warnings section a tiny bit 2023-03-23 23:26:23 +00:00
Justin Holguín
782549c724 Ignore snapshot_warnings for missing head snapshots 2023-03-23 22:59:07 +00:00
Justin Holguín
419396de41 Show snapshot warnings in the summary 2023-03-22 21:30:12 +00:00
Stefan Petrushevski
d5c2f70a7f no inline config options due to limitations 2023-03-08 15:23:57 +01:00
Stefan Petrushevski
f92376010c inline config options 2023-03-08 15:05:16 +01:00
Stefan Petrushevski
884b7abd2d updated summary output; create_summary.ts script 2023-03-08 13:02:59 +01:00
Stefan Petrushevski
600458c5dd licenses check exclusion list 2023-03-08 12:38:34 +01:00
David Losert
6b34d93738 Skips dependency review if no changes detected 2023-03-02 07:47:09 +00:00
David Losert
b7a25f4e9b Makes License Issues a single table per manifest 2023-03-02 07:43:23 +00:00
David Losert
1090cda9d5 Adjusts headlines and formatting for license issues 2023-02-28 12:28:20 +00:00
David Losert
6315b3822f Renames variable to be more speaking 2023-02-28 12:27:55 +00:00
David Losert
b089c5b002 Adds conditional license summary 2023-02-28 11:08:39 +00:00
David Losert
6e66d136ec Reformats vulnerability section 2023-02-27 16:05:59 +00:00
David Losert
19ee172e7e feat: Adjusts the formatting and content for the status header 2023-02-22 14:05:52 +00:00
David Losert
1c85e9db8d Adds option to write summary into a pr comment 2023-02-16 10:03:16 +00:00
Federico Builes
6855e6ed4e Merge branch 'main' of gh into fix-request-error-handling 2023-01-09 08:16:48 +01:00
Federico Builes
ef8bfcec89 linter suggestions 2023-01-09 07:59:55 +01:00
Chad Bentz
e6aba92fb0 Enhance failure message to include GHAS note 2023-01-05 17:26:46 +00:00
Josh Soref
03c7962be5 spelling: vulnerabilities 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-12-08 11:04:05 -05:00
Josh Soref
a184554be2 spelling: minimum 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-12-08 11:04:05 -05:00
Federico Builes
369356e2e7 Fixing merge conflict in dist/ 
# Conflicts:
#	dist/index.js.map
 2022-11-16 11:24:44 +01:00
Federico Builes
ac059c649c Checkpoint! 2022-11-15 22:29:00 +01:00
Federico Builes
c57c602135 Force error casting to get messages! 2022-11-15 07:50:45 +01:00
Federico Builes
0a055a6a13 Improve error messages for external config files. 2022-11-15 07:45:29 +01:00
cnagadya
d87317e782 Set octokit baseurl for enterprise 2022-11-14 13:49:52 +00:00
Federico Builes
bf8cfe8b38 Linting, adding dist files. 2022-11-09 13:22:33 +01:00
Federico Builes
ae538ebe32 Linting and whitespace. Smol rename. 2022-11-09 13:17:12 +01:00
Federico Builes
b4126ce983 Shuffle things around. 2022-11-09 13:16:53 +01:00
cnagadya
f0ff0b670a Rename config token > external-repo-token 2022-11-08 11:16:26 +00:00
cnagadya
78565a954f Dont merge config lists 
Co-authored-by: Henri Maurer<hmaurer@github.com>
Co-authored-by: Federico Builes<febuiles@github.com>
 2022-11-08 10:52:30 +00:00
cnagadya
3c73a622ba Fix config-file tests 2022-11-08 09:53:36 +00:00
cnagadya
13455c7175 Merge array config options 2022-11-07 17:57:05 +00:00
cnagadya
6d941b396a Fix inconsistencies due to zod defaults / partials mixup 2022-11-07 17:08:00 +00:00
cnagadya
49ed3f2876 Merge lists in configs instead of overwritting them 2022-11-07 12:33:54 +00:00
cnagadya
b55cddb69d Use config-file for both remote and local config-files 2022-11-07 12:12:03 +00:00
cnagadya
b4a2fbfa16 Complete functionality for handling remote config file 2022-11-04 14:51:41 +00:00
cnagadya
97e5a607ba Handle getContent response as is 
Co-authored-by: Henri Maurer <hmaurer@github.com>
 2022-11-04 10:08:00 +00:00
cnagadya
3b410dc4ad Load remote config file 2022-11-04 09:05:45 +00:00
Eric Cornelissen
84921e5e4a Simplify Summary summary based on license-check and vulnerability-check 
Omit details related to the license check of vulnerability check from
the GitHub Actions Summary's summary if the respective check is disabled
from the configuration.
 2022-10-28 22:15:44 +02:00
Eric Cornelissen
c5af7ff272 Prevent disabling all checks 
Prevent users from disabling both the license and vulnerability check by
checking if both are set to `false` and throwing if that's the case.
 2022-10-28 22:08:55 +02:00
Eric Cornelissen
31279d265a Add license-check and vulnerability-check inputs 
Add support for two new inputs, named `license-check` and
`vulnerability-check`, to disable the license checks or vulnerability
checks performed by this action. By default, both are enabled.
 2022-10-28 22:06:05 +02:00