advanced-security / secret-scanning-review-action

Action to detect if a secret is initially detected in a pull request
MIT License

Create dependency-review.yml #16

Closed felickz closed 7 months ago

felickz commented 7 months ago

This pull request introduces a new GitHub Action, Dependency Review, to the .github/workflows/dependency-review.yml file. This action will scan dependency manifest files that change as part of a pull request, identifying any known-vulnerable versions of the packages declared or updated in the PR. This action is sourced from the repository https://github.com/actions/dependency-review-action and is intended to enhance the security of the software supply chain. If marked as required, this workflow will prevent the merging of PRs introducing known-vulnerable packages.
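For reference, an illustrative workflow of the kind this PR adds, written here as an added example rather than the PR's own file (the actual `.github/workflows/dependency-review.yml` in this PR calls a reusable workflow and its contents are not shown on this page). It wires `actions/dependency-review-action` up directly; the severity threshold, timeout and branch name are assumed values.

```yaml
# Added illustrative example, not the workflow file from this PR: a
# dependency-review job using actions/dependency-review-action directly.
name: Dependency Review
on:
  pull_request:
    branches: [main]          # assumed default branch

permissions:
  contents: read              # read the manifest files changed in the PR
  pull-requests: write        # post the summary comment back on the PR

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4                   # pin to a full commit SHA in production

      - name: Dependency Review
        uses: actions/dependency-review-action@v4   # pin to a full commit SHA in production
        with:
          # Fail the check (and, once the check is marked required, block the
          # merge) for any newly introduced dependency with a known
          # vulnerability at or above this severity. Assumed threshold.
          fail-on-severity: moderate
          # Wait for the dependency snapshot of the head SHA to be submitted
          # instead of reporting "No snapshots were found for the head SHA".
          retry-on-snapshot-warnings: true
          retry-on-snapshot-warnings-timeout: 120   # seconds, assumed value
          # Always leave the summary comment so passing runs are visible too.
          comment-summary-in-pr: always
```

With `fail-on-severity` set, the job's result is what a branch protection rule or ruleset can require before merge; without it the action only reports.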

github-actions[bot] commented 7 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0e8a182d6d430d9cdd2d0697bf75359e6ae14bac.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package | Version | Score | Details
actions/advanced-security/reusable-workflows/.github/workflows/dependency-review.yml | main | Unknown | Unknown

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@main