Verify Dependencies – pull_request #1149
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Dependency checks | |
| # | |
| # Description: | |
| # Verifies that dependencies are compatible with our project | |
| # by checking licenses and their security posture | |
| # | |
| # Triggers: | |
| # - pull_request | |
| on: | |
| pull_request: | |
| name: Verify Dependencies | |
| run-name: Verify Dependencies – ${{ github.event_name }} | |
| permissions: {} | |
| jobs: | |
| verify: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # checkout repository and read dependency snapshots | |
| pull-requests: write # post review comments | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Verify Contents | |
| uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3 | |
| with: | |
| config-file: './.github/dependency-review-config.yml' |