chore: bump go-mod-validator to v1 #30
---
###
# Dependency Review - License/Vulns
#
# Runs the shared smartcontractkit dependency-review action on the dependencies
# a pull request introduces, flagging known vulnerabilities and licenses that
# the selected preset denies.
#
# Preset: the DEPENDENCY_REVIEW_CONFIG_PRESET repo variable, defaulting to
# "license-deny-vulnerability-high". That preset fails the check when a new
# dependency carries a license on the deny_licenses list, or when the
# dependency tree contains a vulnerability of high severity or greater.
#   gh variable set DEPENDENCY_REVIEW_CONFIG_PRESET --body "license-deny-vulnerability-high"
#
# OpenSSF Scorecard output: the DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD repo
# variable, defaulting to "true".
#   gh variable set DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD --body "false"
###
name: Dependency Review - License/Vulns

on:
  pull_request:
  merge_group:

# No token scopes at the workflow level; each job asks only for what it needs.
permissions: {}

jobs:
  license-and-vulnerabilities:
    name: License and Vulnerabilities
    runs-on: ubuntu-latest
    permissions:
      contents: read
    # Only pull_request events do any work. Presumably merge_group is kept as a
    # trigger so a required status is still reported inside a merge queue.
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history — presumably needed to compare base and head refs; verify.
          fetch-depth: 0
          # Keep the job token out of the local git config so later steps cannot reuse it.
          persist-credentials: false

      - name: Dependency Review
        # NOTE(review): both actions are pinned to mutable tags; a full commit SHA
        # (kept current by Dependabot/Renovate) is the stronger supply-chain pin.
        uses: smartcontractkit/.github/actions/dependency-review@dependency-review/v2
        with:
          config-preset: ${{ vars.DEPENDENCY_REVIEW_CONFIG_PRESET || 'license-deny-vulnerability-high' }}
          show-openssf-scorecard: ${{ vars.DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD || 'true' }}