An alternative to the Snyk workflow (ish ... covers a part of its functionality, but not a like-for-like replacement), which has currently got a peculiar issue (https://github.com/cameronterry/dark-matter/issues/107) preventing it from working at the moment.
This adds the GitHub Dependency Review action which will monitor the dependencies for security advisories / issues and will run on every pull request. It has the added benefit of ensuring license compliance as well as security, so likely a permanent addition to the GitHub Actions on Dark Matter Plugin.
Renamed the Snyk workflow, and its file, to be more descriptive.
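A Dependency Review workflow of the kind described above, as an added example that is not the workflow file from this pull request. The workflow name, action versions, severity threshold and license allow-list are assumptions chosen for illustration.

```yaml
# Added example: not the file committed in this pull request.
name: Dependency Review

# Runs on every pull request, so new or changed dependencies are
# checked before they reach the default branch.
on:
  pull_request:

# The action only needs to read the repository to compare manifests.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Review dependency changes
        # Tag shown for readability; pinning to a full commit SHA is stricter.
        uses: actions/dependency-review-action@v4
        with:
          # Assumed threshold: fail on advisories of this severity or higher.
          fail-on-severity: moderate
          # Assumed allow-list (SPDX identifiers); a dependency introduced
          # under any other license fails the check.
          allow-licenses: GPL-2.0-or-later, MIT, BSD-3-Clause
```

The action compares the dependency manifests of the pull request's base and head, so it reports only on what the change introduces, not on the existing dependency tree.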