From d51351846b734e2ed666d7be78d9e4c142267360 Mon Sep 17 00:00:00 2001
From: M <1216063060@qq.com>
Date: Fri, 15 Sep 2023 22:33:25 +0800
Subject: [PATCH] add: dependency-review
---
 .github/workflows/codeql-analysis.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 52c1307ad..564602455 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -57,3 +57,17 @@ jobs:
 
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v2
+
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
+ # Refer: https://github.com/actions/dependency-review-action
+ with:
+ fail-on-severity: low
+ # Action will fail if dependencies don't match the list
+ #allow-licenses: Apache-2.0, MIT
+ #deny-licenses: GPL-3.0, AGPL-1.0, AGPL-3.0, LGPL-2.0, CC-BY-3.0
\ No newline at end of file
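Review bot: The new `dependency-review` job carries no event guard, and actions/dependency-review-action needs a pull_request context in which it can diff the base and head refs; if this workflow's `on:` block (outside the hunk) also fires on push or schedule, as CodeQL workflows commonly do, those runs will fail at the `Dependency Review` step rather than skip it. Adding `if: github.event_name == 'pull_request'` to the job, or moving it to its own pull_request-triggered workflow, avoids that. The job also declares no `permissions:`; scoping it with `permissions:` / `  contents: read` keeps the job token minimal regardless of the repository default, which the hunk does not show. Both new actions are pinned by major tag (`@v3`) like the existing `github/codeql-action/analyze@v2` step, so this is consistent with the file, but pinning to a full commit SHA with a version comment would tighten the supply-chain posture of a job whose purpose is supply-chain review.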