Introduce the Dependency Review GitHub Action to CI ✅ #33

Closed
JamieSlome opened this issue Apr 9, 2024 · 3 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@JamieSlome
Member

The Dependency Review GitHub Action is very powerful for scanning pull requests for dependency changes and is capable of raising a CI error if vulnerabilities or invalid licenses are being introduced.

I'd recommend using the following workflow setup:

name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          comment-summary-in-pr: always
          fail-on-severity: high
          allow-licenses: MIT
          fail-on-scopes: development, runtime
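To make the effect of the three gating settings concrete, here is an added model (not the action's own code) of how `fail-on-severity`, `allow-licenses` and `fail-on-scopes` combine into a pass/fail decision, run over a constructed list of dependency changes. The sample package names are invented, and treating a dependency whose license could not be determined as a warning rather than a failure is an assumption of this model.

```python
"""Model of the pass/fail logic implied by the posted Dependency Review settings.

Added example, not code from actions/dependency-review-action: it reproduces the
meaning of fail-on-severity, allow-licenses and fail-on-scopes so the effect of
each setting can be inspected offline on constructed input.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity ordering used by fail-on-severity (lowest to highest).
SEVERITY_RANK = {"low": 0, "moderate": 1, "high": 2, "critical": 3}

# Settings copied from the workflow proposed in the issue.
CONFIG = {
    "fail-on-severity": "high",
    "allow-licenses": ["MIT"],
    "fail-on-scopes": ["development", "runtime"],
}

@dataclass
class Change:
    name: str
    scope: str                    # "development" or "runtime"
    license: Optional[str]        # None when the license could not be determined
    max_severity: Optional[str]   # highest advisory severity, None if no advisory

def review(changes: List[Change], config=CONFIG) -> Tuple[bool, List[str], List[str]]:
    """Return (failed, reasons, warnings) for a set of PR dependency changes."""
    threshold = SEVERITY_RANK[config["fail-on-severity"]]
    allowed = set(config["allow-licenses"])
    scopes = set(config["fail-on-scopes"])
    reasons, warnings = [], []
    for c in changes:
        if c.scope not in scopes:
            continue  # scopes outside fail-on-scopes never block the PR
        # fail-on-severity: high blocks high AND critical (anything at or above).
        if c.max_severity and SEVERITY_RANK[c.max_severity] >= threshold:
            reasons.append(f"{c.name}: vulnerability severity {c.max_severity}")
        if c.license is None:
            # Assumption of this model: undetermined license is reported, not fatal.
            warnings.append(f"{c.name}: license could not be determined")
        elif c.license not in allowed:
            reasons.append(f"{c.name}: license {c.license} not in allow-list")
    return bool(reasons), reasons, warnings

# Constructed sample PR dependency changes (invented names, not a real repository).
SAMPLE = [
    Change("left-pad-ish", "runtime", "MIT", None),           # clean
    Change("old-parser", "runtime", "MIT", "high"),           # blocked by severity
    Change("dev-linter", "development", "GPL-3.0", "moderate"),  # blocked by license only
    Change("unknown-lib", "runtime", None, "low"),            # warning only
]

if __name__ == "__main__":
    failed, why, warn = review(SAMPLE)
    print("FAIL" if failed else "PASS", why, warn)
```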
@JamieSlome JamieSlome added the good first issue Good for newcomers label Apr 9, 2024
@magner669 magner669 added the enhancement New feature or request label Apr 10, 2024
@magner669 magner669 reopened this Apr 10, 2024
@JamieSlome
Member Author

@joeyyy09 - thanks for taking this on! Can you drop a comment below and we should be able to assign this ticket to you! Great work ❤️ 🤗

@joeyyy09

Yeah sure!

@JamieSlome
Member Author

Addressed in #34 👍

Thanks @joeyyy09 ❤️
