sigs.k8s.io/cluster-api-provider-azure@v1.17.0/.github/workflows/dependency-review.yml (about) 1 # Dependency Review Action 2 # 3 # This Action will scan dependency manifest files that change as part of a Pull Request, 4 # surfacing known-vulnerable versions of the packages declared or updated in the PR. 5 # Once installed, if the workflow run is marked as required, 6 # PRs introducing known-vulnerable packages will be blocked from merging. 7 # 8 # Source repository: https://github.com/actions/dependency-review-action 9 name: 'Dependency Review' 10 on: [pull_request] 11 12 permissions: 13 contents: read 14 15 jobs: 16 dependency-review: 17 runs-on: ubuntu-latest 18 steps: 19 - name: Harden Runner 20 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 21 with: 22 egress-policy: audit 23 24 - name: 'Checkout Repository' 25 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 26 - name: 'Dependency Review' 27 uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4