Dependency Review GitHub Action in your repository to enforce dependency
reviews on your pull requests.
The action scans for vulnerable versions of dependencies introduced by package version
changes in pull requests,
and warns you about the associated security vulnerabilities.
This gives you better visibility of what's changing in a pull request,
and helps prevent vulnerabilities being added to your repository.
veewee
commented
2 years ago
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement Signed-off-by: naveen 172697+naveensrinivasan@users.noreply.github.com