-
Notifications
You must be signed in to change notification settings - Fork 0
32 lines (30 loc) · 2.15 KB
/
dependency-review.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
# packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency review'
on:
pull_request:
branches: [ "main", "oldRelease" ]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
with:
comment-summary-in-pr: always
fail-on-severity: low
allow-licenses: AFL-1.2, AFL-2.0, AFL-2.1, Adobe-2006, ANTLR-PD, Apache-2.0, Apache-1.0, Apache-1.1, Artistic-1.0, Artistic-1.0-Perl, Artistic-1.0-cl8, Artistic-2.0, Beerware, BlueOak-1.0.0, BSL-1.0, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause, BSD-2-Clause-Views, BSD-3-Clause, BSD-3-Clause-Clear, BSD-4-Clause, BSD-Protection, BSD-Source-Code, BSD-3-Clause-Attribution, 0BSD, BSD-2-Clause-Patent, bzip2-1.0.6, ClArtistic, CDDL-1.0, CDDL-1.1, CPL-1.0, CC0-1.0, curl, WTFPL, EPL-1.0, EPL-2.0, ECL-2.0, eGenix, ErlPL-1.1, FTL, FSFAP, HPND, ICU, IJG, Info-ZIP, ISC, Libpng, MS-PL, MIT, MIT-Modern-Variant, MIT-0, MPL-1.0, MPL-1.1, MPL-2.0, NAIST-2003, Net-SNMP, OLDAP-1.4, OLDAP-2.8, OpenSSL, PHP-3.0, PHP-3.01, Plexus, PostgreSQL, Python-2.0, Python-2.0.1, PSF-2.0, RSA-MD, Ruby, SISSL, SISSL-1.2, TCL, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-3.0, Unicode-TOU, UPL-1.0, Unlicense, W3C-20150513, W3C-19980720, W3C, Xnet, X11, X11-distribute-modifications-variant, Zend-2.0, Zlib, zlib-acknowledgement, ZPL-1.1, ZPL-2.0, ZPL-2.1
fail-on-scopes: development, runtime, unknown
retry-on-snapshot-warnings: true