38 lines
1.6 KiB
YAML
38 lines
1.6 KiB
YAML
name: 'Dependency Review'
|
|
description: 'Prevent the introduction of dependencies with known vulnerabilities'
|
|
author: 'GitHub'
|
|
inputs:
|
|
repo-token:
|
|
description: Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
|
|
required: false
|
|
default: ${{ github.token }}
|
|
fail-on-severity:
|
|
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
|
|
required: false
|
|
default: 'low'
|
|
fail-on-scopes:
|
|
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
|
|
required: false
|
|
default: 'runtime'
|
|
base-ref:
|
|
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
|
|
required: false
|
|
head-ref:
|
|
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
|
|
required: false
|
|
config-file:
|
|
description: A filepath to the configuration file for the action.
|
|
required: false
|
|
allow-licenses:
|
|
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
|
|
required: false
|
|
deny-licenses:
|
|
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
|
|
required: false
|
|
allow-ghsas:
|
|
description: Comma-separated list of allowed Github Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
|
|
required: false
|
|
runs:
|
|
using: 'node16'
|
|
main: 'dist/index.js'
|