Community-Service/.github/workflows/dependency-review.yml at main · LEDBrain/Community-Service · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
name: 'Dependency Review'
on: [workflow_dispatch] #pull_request

permissions:
    contents: read

jobs:
    dependency-review:
        runs-on: ubuntu-latest
        steps:
            - name: '☁ Checkout Repository'
              uses: actions/checkout@v5
            - name: '📦 Dependency Review'
              uses: actions/dependency-review-action@v4
              with:
                  # Possible values: "critical", "high", "moderate", "low"
                  fail-on-severity: moderate
                  #
                  # You can only include one of these two options: `allow-licenses` and `deny-licences`
                  #
                  # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
                  # allow-licenses: GPL-3.0, BSD-3-Clause, MIT
                  #
                  # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
                  # deny-licenses: LGPL-2.0, BSD-2-Clause