actions/dependency-review-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NaN Commits 1 Branch 0 Tags
21763d05e047b289bf049101564136308b2ea46d
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Federico Builes 21763d05e0 Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6 
Bump eslint-plugin-jest from 26.4.5 to 26.4.6
2022-05-31 05:25:05 +02:00
__tests__
initial commit
2022-03-31 18:31:39 +02:00
.github
Bump actions/upload-artifact from 2 to 3
2022-04-11 01:39:43 +00:00
dist
adding dist files
2022-05-24 14:52:45 -07:00
scripts
initial commit
2022-03-31 18:31:39 +02:00
src
handle unexpected error types opaquely
2022-05-23 11:45:36 -07:00
.eslintignore
initial commit
2022-03-31 18:31:39 +02:00
.eslintrc.json
initial commit
2022-03-31 18:31:39 +02:00
.gitattributes
initial commit
2022-03-31 18:31:39 +02:00
.gitignore
initial commit
2022-03-31 18:31:39 +02:00
.prettierignore
initial commit
2022-03-31 18:31:39 +02:00
.prettierrc.json
initial commit
2022-03-31 18:31:39 +02:00
action.yml
Update action.yml
2022-04-06 16:03:35 -04:00
CODE_OF_CONDUCT.md
initial commit
2022-03-31 18:31:39 +02:00
CODEOWNERS
Updating CODEOWNERS.
2022-04-06 18:29:51 +02:00
CONTRIBUTING.md
Update CONTRIBUTING.md
2022-05-12 10:25:45 +02:00
jest.config.js
initial commit
2022-03-31 18:31:39 +02:00
LICENSE
initial commit
2022-03-31 18:31:39 +02:00
package-lock.json
Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6
2022-05-31 05:25:05 +02:00
package.json
Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6
2022-05-31 05:25:05 +02:00
README.md
updating README
2022-05-13 08:11:58 +02:00
SECURITY.md
initial commit
2022-03-31 18:31:39 +02:00
tsconfig.json
initial commit
2022-03-31 18:31:39 +02:00

README.md

dependency-review-action

This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions.

The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.

Screen Shot 2022-03-31 at 1 10 51 PM

Installation

  1. Add a new YAML workflow to your .github/workflows folder:
name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v1

Please keep in mind that you need a GitHub Advanced Security license if you're running this Action on private repos.

Getting help

If you have bug reports, questions or suggestions please create a new issue.

Contributing

We are grateful for any contributions made to this project.

Please read CONTRIBUTING.MD to get started.

License

This project is released under the MIT License.

Description
Mirror of github.com/actions/dependency-review-action
Readme 51 MiB
Languages
TypeScript 98.2%
Ruby 1.7%
JavaScript 0.1%