dependency-review-action
This Action scans your pull requests for vulnerabilities introduced when modifying your project's dependencies. A check in your pull requests will notify you of the results.
Installation
- Add a new YAML workflow to your .github/workflows folder:

    name: 'Dependency Review'
    on: [pull_request]
    permissions:
      contents: read
    jobs:
      dependency-review:
        runs-on: ubuntu-latest
        steps:
          - name: 'Checkout Repository'
            uses: actions/checkout@v3
          - name: 'Dependency Review'
            uses: actions/dependency-review-action@v1
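
What "vulnerabilities introduced" by a pull request means in practice, as an added example that is not the action's own code: it filters a constructed change list, shaped like a response from GitHub's dependency review REST API, down to advisories on dependencies the pull request adds. The function name, the `minSeverity` parameter and all sample data are assumptions made for illustration.

```typescript
// Added example, not the action's source. Field names are a subset of those in
// GitHub's dependency review REST API; every sample value below is constructed.
type Severity = "low" | "moderate" | "high" | "critical";
interface Vulnerability { severity: Severity; advisory_ghsa_id: string }
interface DependencyChange {
  change_type: "added" | "removed";
  manifest: string;
  name: string;
  version: string;
  vulnerabilities: Vulnerability[];
}

const SEVERITY_ORDER: Severity[] = ["low", "moderate", "high", "critical"];

// Hypothetical helper: report advisories the pull request introduces, i.e. those
// attached to "added" entries, at or above an assumed minimum severity.
function findIntroducedVulnerabilities(
  changes: DependencyChange[],
  minSeverity: Severity = "low"
): string[] {
  const floor = SEVERITY_ORDER.indexOf(minSeverity);
  const findings: string[] = [];
  for (const change of changes) {
    // A removed entry takes a package version out of the tree, so its
    // advisories are not introduced by this pull request.
    if (change.change_type !== "added") continue;
    for (const vuln of change.vulnerabilities) {
      if (SEVERITY_ORDER.indexOf(vuln.severity) < floor) continue;
      findings.push(
        `${change.manifest}: ${change.name}@${change.version} [${vuln.severity}] ${vuln.advisory_ghsa_id}`
      );
    }
  }
  return findings;
}

// Constructed sample. A version bump shows up as one removed and one added entry.
const CONSTRUCTED_CHANGES: DependencyChange[] = [
  { change_type: "removed", manifest: "package-lock.json", name: "example-parser", version: "1.0.0",
    vulnerabilities: [{ severity: "high", advisory_ghsa_id: "GHSA-xxxx-xxxx-0001" }] },
  { change_type: "added", manifest: "package-lock.json", name: "example-parser", version: "1.1.0",
    vulnerabilities: [{ severity: "critical", advisory_ghsa_id: "GHSA-xxxx-xxxx-0002" }] },
  { change_type: "added", manifest: "Gemfile.lock", name: "example-logger", version: "2.0.0",
    vulnerabilities: [{ severity: "low", advisory_ghsa_id: "GHSA-xxxx-xxxx-0003" }] },
  { change_type: "added", manifest: "package-lock.json", name: "example-utils", version: "3.0.0",
    vulnerabilities: [] },
];
```

With the sample data, the advisory on the removed `example-parser@1.0.0` is ignored, while the one on the newly added `example-parser@1.1.0` is reported.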
Getting help
If you have bug reports, questions or suggestions please create a new issue.
Contributing
We are grateful for any contributions made to this project.
Please read CONTRIBUTING.MD to get started.
License
This project is released under the MIT License.