Commit Graph

89 Commits

Author SHA1 Message Date
Federico Builes
2dd6c6a3d7 Fixing a bug with GHSA filtering.
Co-authored-by: Christine Nagadya <cnagadya@github.com>
2022-10-11 15:17:34 +02:00
Federico Builes
1d9bfbbddf Document the behavior of the GHSA filtering function. 2022-10-11 15:09:58 +02:00
Federico Builes
ee42a6512f Show the dependency name instead of the manifest. 2022-10-11 14:50:55 +02:00
Federico Builes
468485fc8e Clean up the main script a bit. 2022-09-27 12:25:12 +02:00
Federico Builes
46c9f79a1f Create utils.ts file for helper functions. 2022-09-27 12:23:05 +02:00
Federico Builes
cd3f55e8f9 Add all the dependencies to the review summary too. 2022-09-27 11:52:15 +02:00
Federico Builes
0515f5cb39 Adding a skeleton for scanned dependencies in the summary. 2022-09-26 19:14:04 +02:00
Federico Builes
2d1d679f58 Move manifest grouping outside main.ts 2022-09-26 19:13:25 +02:00
Federico Builes
a3563a05bc Use a set instead of raw JS objects. 2022-09-26 12:41:16 +02:00
Federico Builes
8a20ddbf25 try adding 3 sections 2022-09-26 12:21:24 +02:00
Federico Builes
60be833ffd Update manifest formatting in output. 2022-09-26 12:01:39 +02:00
Federico Builes
000837f2ac Don't nest groups. 2022-09-26 11:41:02 +02:00
Federico Builes
89f99d150a adding colors to the dep output 2022-09-26 11:35:05 +02:00
Federico Builes
78c7c01396 Merge branch 'main' into add-scanned-deps
# Conflicts:
#	dist/index.js.map
2022-09-26 08:47:23 +02:00
Sarah Aladetan
bcb52636bd build and package allow-ghsas 2022-09-22 22:58:43 +00:00
Sarah Aladetan
062b749663 revise ghsa filter 2022-09-22 22:36:34 +00:00
Sarah Aladetan
4f00b72b84 filter allowed ghsas in action flow 2022-09-22 22:25:21 +00:00
Sarah Aladetan
602f968ea2 create a filter for vulns that are on the allowlist 2022-09-22 21:36:26 +00:00
Sarah Aladetan
bd61ea0d9e create config option for ghsa allowlist 2022-09-22 21:34:18 +00:00
Federico Builes
723ec8c0d3 Try showing information about the scanned dependencies. 2022-09-22 16:49:45 +02:00
Federico Builes
4d3b8e5269 Clarify code a bit. 2022-09-21 17:01:00 +02:00
Federico Builes
54cd9a7cba Merge branch 'main' into external-config
# Conflicts:
#	README.md
#	__tests__/config.test.ts
#	dist/index.js.map
#	src/config.ts
#	src/schemas.ts
2022-09-21 16:50:02 +02:00
Federico Builes
c4693c00ac Raise errors for invalid values in the external config. 2022-09-21 16:30:05 +02:00
Sarah Aladetan
de48c615a3 build and package scope filtering 2022-09-20 15:18:31 +00:00
Federico Builes
eef7e39202 Accept options from both sources, prioritize external config. 2022-09-20 15:52:34 +02:00
Federico Builes
61f19e6447 Let the users set the path for the config file. 2022-09-20 15:15:14 +02:00
Federico Builes
4b4ec08f7b Make sure we get rid of the ridiculous dashes in the names. 2022-09-19 17:28:59 +02:00
Federico Builes
a91c3ac205 Split reading inline/external configuration options. 2022-09-19 17:28:44 +02:00
Federico Builes
bf0cb7fac4 Add a default config file. 2022-09-19 17:28:20 +02:00
Sarah Aladetan
10bc05df70 ensure scope filtering is backward compatible with enterprise rest api versions 2022-09-16 19:13:58 +00:00
Federico Builes
8ef181b2cb Read a hardcoded config file. 2022-09-16 14:30:57 +02:00
Sarah Aladetan
0d23c39a5d filter by scope in action 2022-09-15 20:03:27 +00:00
Sarah Aladetan
6549b27685 add configuration for scopes to fail on 2022-09-15 18:48:58 +00:00
Sarah Aladetan
f4b16c52e5 add method to filter changes by given scopes 2022-09-15 18:00:07 +00:00
Sarah Aladetan
1a7a37c468 add scope to change schema 2022-09-15 17:53:34 +00:00
Federico Builes
5da7945e2b Fixing lint/dist. 2022-08-18 16:15:03 +02:00
Federico Builes
0e0d6ec5d6 Merge branch 'main' into add-summary 2022-08-18 16:11:15 +02:00
Tiago Pascoal
dfcdb87cb3 Fix typo
Co-authored-by: Eric Cornelissen <ericornelissen@gmail.com>
2022-08-07 12:36:42 +01:00
Tiago Pascoal
aef949f026 Show vulnerabilities and license information on the job summary.
Users can see the results that were found directly on the job summary

All the results are grouped by manifest.

It shows a table with vulnerable packages, together with package version,
the vulnerability info and its severity.

Shows info about package licenses, which packages have a non-allowed license,
and the list of packages with unknown licenses.
2022-08-04 15:35:07 +00:00
Will Da Silva
388b1a309d Support user-provided base/head refs & non-PR workflows 2022-07-21 15:47:05 -04:00
Kenichi Kamiya
c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Kenichi Kamiya
9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya
6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya
c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Federico Builes
1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
Federico Builes
963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes
bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Courtney Claessens
dfd519642f Update schemas.ts 2022-06-14 22:37:00 -04:00
Federico Builes
42e2bc1ed2 Handle unknown licenses. 2022-06-14 13:54:27 +02:00
Federico Builes
fd6e756c7b Updating readConfig() to be more readable, get rid of typecasts.
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-06-14 11:29:13 +02:00