Skip to content

ci: add dependency review job to PR workflow#4631

Merged
erikgb merged 1 commit intoweaveworks:mainfrom
erikgb:dependency-review
Jan 28, 2025
Merged

ci: add dependency review job to PR workflow#4631
erikgb merged 1 commit intoweaveworks:mainfrom
erikgb:dependency-review

Conversation

@erikgb
Copy link
Copy Markdown
Contributor

@erikgb erikgb commented Jan 26, 2025

Closes

What changed?

New job in PR workflow including https://github.com/actions/dependency-review-action.

Why was this change made?

Will allow detection of vulnerable dependencies, and could potentially be used to check licenses. Inspired by a StepSecurity analyze of our repo.

How was this change implemented?

How did you validate the change?

Release notes

Documentation Changes

@erikgb erikgb requested a review from casibbald January 26, 2025 15:50
@erikgb erikgb force-pushed the dependency-review branch from 1cfcbf7 to 51355e0 Compare January 26, 2025 15:52
@erikgb erikgb changed the title Dependency review ci: add dependency review job to PR workflow Jan 26, 2025
@erikgb erikgb enabled auto-merge (rebase) January 26, 2025 15:52
@erikgb erikgb force-pushed the dependency-review branch 3 times, most recently from cf3cbf1 to 926efdd Compare January 27, 2025 20:08
@erikgb erikgb requested a review from a team January 28, 2025 07:11
@erikgb erikgb force-pushed the dependency-review branch from 926efdd to b4268d5 Compare January 28, 2025 08:21
@erikgb erikgb merged commit 0ba00ec into weaveworks:main Jan 28, 2025
@erikgb erikgb mentioned this pull request Jan 28, 2025
Merged
This was referenced Feb 4, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@casibbald casibbald casibbald approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erikgb @casibbald