The Wayback Machine - https://web.archive.org/web/20220410034718/https://github.com/actions/dependency-review-action
Skip to content
Use this GitHub Action with your project

Add this Action to an existing workflow or create a new one.

View on Marketplace
main
Switch branches/tags
5 branches 1 tag
Code

Latest commit

@lseppala
lseppala Merge pull request #20 from courtneycl/main
f7d5349 Apr 6, 2022
Merge pull request #20 from courtneycl/main 
Update content
f7d5349

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
initial commit
Mar 31, 2022
__tests__
initial commit
Mar 31, 2022
dist
initial commit
Mar 31, 2022
scripts
initial commit
Mar 31, 2022
src
initial commit
Mar 31, 2022
.eslintignore
initial commit
Mar 31, 2022
.eslintrc.json
initial commit
Mar 31, 2022
.gitattributes
initial commit
Mar 31, 2022
.gitignore
initial commit
Mar 31, 2022
.prettierignore
initial commit
Mar 31, 2022
.prettierrc.json
initial commit
Mar 31, 2022
CODEOWNERS
Updating CODEOWNERS.
Apr 6, 2022
CODE_OF_CONDUCT.md
initial commit
Mar 31, 2022
CONTRIBUTING.md
initial commit
Mar 31, 2022
LICENSE
initial commit
Mar 31, 2022
README.md
Update README.md
Apr 6, 2022
SECURITY.md
initial commit
Mar 31, 2022
action.yml
Update action.yml
Apr 6, 2022
jest.config.js
initial commit
Mar 31, 2022
package-lock.json
Bump @typescript-eslint/eslint-plugin from 5.17.0 to 5.18.0
Apr 4, 2022
package.json
Bump @typescript-eslint/eslint-plugin from 5.17.0 to 5.18.0
Apr 4, 2022
tsconfig.json
initial commit
Mar 31, 2022
dependency-review-action Installation Getting help Contributing License

README.md

dependency-review-action

This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions.

The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.

Screen Shot 2022-03-31 at 1 10 51 PM

Installation

  1. Add a new YAML workflow to your .github/workflows folder:
name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v1

Getting help

If you have bug reports, questions or suggestions please create a new issue.

Contributing

We are grateful for any contributions made to this project.

Please read CONTRIBUTING.MD to get started.

License

This project is released under the MIT License.

About

A GitHub Action for detecting vulnerable dependencies in your PRs

Resources

Readme

License

MIT License

Code of conduct

Code of conduct

Stars

60 stars

Watchers

3 watching

Forks

5 forks

Releases 1

v1 Latest
Apr 6, 2022

Packages

No packages published

Used by 115

  • @hydephp
  • @LZappy87
  • @dmolik
  • @kubernetes
  • @nicolaspearson
  • @nicolaspearson
  • @MikeOwino
  • @D3vS3c0ps
+ 107

Contributors 4

Languages