Skip to content
Dependency Review

PR26.5: source-install payload completeness #1214

Sign in to view logs

PR26.5: source-install payload completeness

PR26.5: source-install payload completeness #1214

Workflow file for this run

.github/workflows/dependency-review.yml at 4a1dd31
# =============================================================================
# NFTBan - Dependency Review
# =============================================================================
# SPDX-License-Identifier: MPL-2.0
# Purpose: Review dependencies for security vulnerabilities on pull requests
#
# Runs on:
# - Pull requests to main branch
#
# Outputs:
# - Blocks PRs that introduce high or critical severity vulnerabilities
# - Reports vulnerable dependencies in PR comments
# =============================================================================
name: Dependency Review
on:
pull_request:
branches: [main]
permissions:
contents: read
pull-requests: write
concurrency:
group: dependency-review-${{ github.ref }}
cancel-in-progress: true
jobs:
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Dependency Review
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
with:
fail-on-severity: high
comment-summary-in-pr: always
- name: Generate summary
if: always()
run: |
echo "## Dependency Review Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Dependency Review scans for security vulnerabilities in dependencies:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Blocking Criteria" >> $GITHUB_STEP_SUMMARY
echo "- **High severity** vulnerabilities: Blocked" >> $GITHUB_STEP_SUMMARY
echo "- **Critical severity** vulnerabilities: Blocked" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Review the PR comments for detailed vulnerability information." >> $GITHUB_STEP_SUMMARY