From 26ad53417afd9b444988551a6acc86807e196dc8 Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Thu, 26 Jan 2023 11:53:46 -0300 Subject: [PATCH] chore: Add GitHub Dependency Review configuration for FOSS > Dependency review helps you understand dependency changes and the > security impact of these changes at every pull request. It provides an > easily understandable visualization of dependency changes with a rich > diff on the "Files Changed" tab of a pull request Documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review Ref: https://cordada.aha.io/features/TECHINFRA-163 --- .github/dependency-review-config-foss.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/dependency-review-config-foss.yaml diff --git a/.github/dependency-review-config-foss.yaml b/.github/dependency-review-config-foss.yaml new file mode 100644 index 0000000..72565b5 --- /dev/null +++ b/.github/dependency-review-config-foss.yaml @@ -0,0 +1,9 @@ +# GitHub Dependency Review Configuration for Free and Open Source Software +# +# Dependency review helps you understand dependency changes and the security impact of these +# changes. +# +# Documentation: +# - https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review + +fail-on-severity: critical
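Review bot: this patch adds only the configuration file; nothing wires it into a workflow, so as committed it has no effect until a job runs `actions/dependency-review-action` with `config-file: ./.github/dependency-review-config-foss.yaml` (either add that workflow here or state in the commit message where the file is consumed). Also, `fail-on-severity: critical` lets high-severity advisories through the check; if that is the intended baseline for FOSS repositories it deserves a comment in the file, otherwise `high` is the more common threshold. Finally, since the file is named for FOSS, note in the header comment whether a license policy (`allow-licenses` / `deny-licenses`) is intentionally left out.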