Install Dependency Review Action #1201
Merged
aeisenberg merged 2 commits into github:main from mrysav:patch-1 on Mar 11, 2022
aeisenberg reviewed Mar 11, 2022
aeisenberg approved these changes Mar 11, 2022
aeisenberg (Contributor) left a comment:
Seems good for now. We can expand the permissions later if necessary.
👋 Hello friends! You have been selected to try a new offering from the Dependency Graph team. Thank you in advance for your help as we test and iterate towards our GA launch.
What is this?
This PR introduces the Dependency Review Action as a workflow on your repository. This Action will run on every pull request, scan changed dependencies, and alert you if the pull request is introducing vulnerabilities into your project.
You can find more details in our staff-ship announcement!
Installation
In order to install the action and get going, you simply have to merge this PR!
❗ As long as you don't make this workflow a required CI job, you won't be blocked by the workflow at all as we refine and prepare for our GA launch. If you are getting failures on your PRs that are not indicative of vulnerable dependencies being present, please let us know what errors you are receiving and we can help you out.
Questions and Comments
We love feedback!
Feel free to drop any feedback you have on our feedback issue. No concern or excitement is too little or too large! 😄
See the README for any other setup questions you have.
If you'd like to talk to a live representative, feel free to swing by and chat with us in the #dependency-graph channel on Slack.