add: dependency-review

apache · Sep 15, 2023 · d513518 · d513518
1 parent fdb4621
commit d513518
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -57,3 +57,17 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
+
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
+        # Refer: https://github.com/actions/dependency-review-action
+        with:
+          fail-on-severity: low
+          # Action will fail if dependencies don't match the list
+          #allow-licenses: Apache-2.0, MIT
+          #deny-licenses: GPL-3.0, AGPL-1.0, AGPL-3.0, LGPL-2.0, CC-BY-3.0