Federico Builes
bf8cfe8b38
Linting, adding dist files.
2022-11-09 13:22:33 +01:00
Federico Builes
ae538ebe32
Linting and whitespace. Smol rename.
2022-11-09 13:17:12 +01:00
Federico Builes
b4126ce983
Shuffle things around.
2022-11-09 13:16:53 +01:00
cnagadya
f0ff0b670a
Rename config token > external-repo-token
2022-11-08 11:16:26 +00:00
cnagadya
78565a954f
Don't merge config lists
Co-authored-by: Henri Maurer <hmaurer@github.com>
Co-authored-by: Federico Builes <febuiles@github.com>
2022-11-08 10:52:30 +00:00
cnagadya
3c73a622ba
Fix config-file tests
2022-11-08 09:53:36 +00:00
cnagadya
13455c7175
Merge array config options
2022-11-07 17:57:05 +00:00
cnagadya
6d941b396a
Fix inconsistencies due to zod defaults / partials mixup
2022-11-07 17:08:00 +00:00
cnagadya
49ed3f2876
Merge lists in configs instead of overwriting them
2022-11-07 12:33:54 +00:00
cnagadya
b55cddb69d
Use config-file for both remote and local config-files
2022-11-07 12:12:03 +00:00
cnagadya
b4a2fbfa16
Complete functionality for handling remote config file
2022-11-04 14:51:41 +00:00
cnagadya
97e5a607ba
Handle getContent response as is
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-11-04 10:08:00 +00:00
cnagadya
3b410dc4ad
Load remote config file
2022-11-04 09:05:45 +00:00
Eric Cornelissen
84921e5e4a
Simplify Summary summary based on license-check and vulnerability-check
Omit details related to the license check or vulnerability check from
the GitHub Actions Summary's summary if the respective check is disabled
from the configuration.
2022-10-28 22:15:44 +02:00
Eric Cornelissen
c5af7ff272
Prevent disabling all checks
Prevent users from disabling both the license and vulnerability check by
checking if both are set to `false` and throwing if that's the case.
2022-10-28 22:08:55 +02:00
Eric Cornelissen
31279d265a
Add license-check and vulnerability-check inputs
Add support for two new inputs, named `license-check` and
`vulnerability-check`, to disable the license checks or vulnerability
checks performed by this action. By default, both are enabled.
2022-10-28 22:06:05 +02:00
cnagadya
216fafaed5
PR feedback
Co-authored-by: Federico Builes <febuiles@github.com>
2022-10-28 11:23:05 +02:00
cnagadya
0144419c8e
Format violations area
2022-10-27 16:43:45 +00:00
cnagadya
7b16bd0b54
Add unvalidated changes to summary
2022-10-27 16:24:30 +00:00
cnagadya
4525a8c091
Format summary findings
2022-10-27 15:41:19 +00:00
cnagadya
562a2f3c0a
Improve summary formatting
2022-10-27 15:19:32 +00:00
cnagadya
022ea02fbb
Add unresolved licenses section
2022-10-27 13:09:37 +00:00
cnagadya
3baea959cf
Fix license test failures
2022-10-26 09:58:00 +00:00
cnagadya
ac5ed8754d
Use SPDX license expressions
2022-10-26 09:56:34 +00:00
cnagadya
4c0961eff6
Add tests for GitHub License API fallback
2022-10-13 11:57:38 +00:00
cnagadya
d1e9a12830
Resolve conflicts
2022-10-13 11:06:40 +00:00
cnagadya
2e3713aab8
Optimise setGHLicenses
Co-authored-by: Henri Maurer <hmaurer@github.com>
Co-authored-by: Federico Builes <febuiles@github.com>
2022-10-13 11:03:34 +00:00
cnagadya
ba9d7c1389
Retrieve null licenses from licenses API
2022-10-13 11:03:34 +00:00
Federico Builes
2dd6c6a3d7
Fixing a bug with GHSA filtering.
Co-authored-by: Christine Nagadya <cnagadya@github.com>
2022-10-11 15:17:34 +02:00
Federico Builes
1d9bfbbddf
Document the behavior of the GHSA filtering function.
2022-10-11 15:09:58 +02:00
Federico Builes
ee42a6512f
Show the dependency name instead of the manifest.
2022-10-11 14:50:55 +02:00
Federico Builes
468485fc8e
Clean up the main script a bit.
2022-09-27 12:25:12 +02:00
Federico Builes
46c9f79a1f
Create utils.ts file for helper functions.
2022-09-27 12:23:05 +02:00
Federico Builes
cd3f55e8f9
Add all the dependencies to the review summary too.
2022-09-27 11:52:15 +02:00
Federico Builes
0515f5cb39
Adding a skeleton for scanned dependencies in the summary.
2022-09-26 19:14:04 +02:00
Federico Builes
2d1d679f58
Move manifest grouping outside main.ts
2022-09-26 19:13:25 +02:00
Federico Builes
a3563a05bc
Use a set instead of raw JS objects.
2022-09-26 12:41:16 +02:00
Federico Builes
8a20ddbf25
try adding 3 sections
2022-09-26 12:21:24 +02:00
Federico Builes
60be833ffd
Update manifest formatting in output.
2022-09-26 12:01:39 +02:00
Federico Builes
000837f2ac
Don't nest groups.
2022-09-26 11:41:02 +02:00
Federico Builes
89f99d150a
adding colors to the dep output
2022-09-26 11:35:05 +02:00
Federico Builes
78c7c01396
Merge branch 'main' into add-scanned-deps
# Conflicts:
# dist/index.js.map
2022-09-26 08:47:23 +02:00
Sarah Aladetan
bcb52636bd
build and package allow-ghsas
2022-09-22 22:58:43 +00:00
Sarah Aladetan
062b749663
revise ghsa filter
2022-09-22 22:36:34 +00:00
Sarah Aladetan
4f00b72b84
filter allowed ghsas in action flow
2022-09-22 22:25:21 +00:00
Sarah Aladetan
602f968ea2
create a filter for vulns that are on the allowlist
2022-09-22 21:36:26 +00:00
Sarah Aladetan
bd61ea0d9e
create config option for ghsa allowlist
2022-09-22 21:34:18 +00:00
Federico Builes
723ec8c0d3
Try showing information about the scanned dependencies.
2022-09-22 16:49:45 +02:00
Federico Builes
4d3b8e5269
Clarify code a bit.
2022-09-21 17:01:00 +02:00
Federico Builes
54cd9a7cba
Merge branch 'main' into external-config
# Conflicts:
# README.md
# __tests__/config.test.ts
# dist/index.js.map
# src/config.ts
# src/schemas.ts
2022-09-21 16:50:02 +02:00