
ci: adding Gemfile

ci: adding Gemfile #14

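---
# Dependency Review: checks the dependency changes in pull requests that
# target 'main' and fails the job when a finding meets the thresholds below.
name: 'Dependency Review'
on:  # yamllint disable-line rule:truthy
  pull_request:
    branches:
      - 'main'
# Workflow-wide default is read-only; the job below widens only what it needs.
permissions:
  contents: 'read'
jobs:
  dependency-review:
    name: 'Dependency Review'
    runs-on: 'ubuntu-latest'
    permissions:
      contents: 'read'
      # Needed because 'comment-summary-in-pr' posts the result on the PR.
      # NOTE(review): on pull requests from forks the token is read-only, so
      # the summary comment may not be posted - confirm that is acceptable.
      pull-requests: 'write'
    steps:
      # Runs first so the egress policy covers every later step.
      - name: 'Harden Runner'
        uses: 'step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c'  # v2.9.0
        with:
          disable-sudo: true
          # Outbound traffic is denied except for the endpoints listed below.
          egress-policy: 'block'
          allowed-endpoints: >
            api.github.com:443
            api.securityscorecards.dev:443
            github.com:443
      - name: 'Checkout the repository'
        uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332'  # v4.1.7
        with:
          # No later step in this job pushes or fetches through git, so do not
          # leave the job token in the checked-out repository's git config.
          persist-credentials: false
      - name: 'Dependency Review'
        uses: 'actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c'  # v4.3.4
        with:
          comment-summary-in-pr: true
          # 'low' is the lowest threshold, so any reported vulnerability in
          # the listed scopes fails the check.
          fail-on-severity: 'low'
          fail-on-scopes: 'runtime,development,unknown'
          # The scorecard lookup is presumably why api.securityscorecards.dev
          # is on the egress allow-list above.
          show-openssf-scorecard: true
          vulnerability-check: true
          warn-on-openssf-scorecard-level: 6
          # Findings fail the job instead of only producing warnings.
          warn-only: false
...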