.github/workflows/dependency-review.yml
+4-1
@@ -1,6 +1,9 @@
1
1
# Dependency Review Action
2
2
#
3
-
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
3
+
# This Action will scan dependency manifest files that change as part of a Pull
4
+
# Reqest, surfacing known-vulnerable versions of the packages declared or
5
+
# updated in the PR. Once installed, if the workflow run is marked as required,
6
+
# PRs introducing known-vulnerable packages will be blocked from merging.
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
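Review bot: the rewrapped comment still carries the typo "Reqest" (now at the start of new line 4, "# Reqest, surfacing known-vulnerable versions ..."). Since these lines are being rewritten anyway, correct it to "Request" in the same commit. The visible change is otherwise comment-only: it wraps one long line into four at roughly 80 columns, and the "Public documentation" URL line is reasonably left unwrapped because splitting it would break the link.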
0 commit comments