Skip to content

core(gha): Added GitHub Action workflow for Dependency Review#2

Merged
shortthirdman merged 1 commit into
mainfrom
github/dependency-review
Sep 21, 2025
Merged

core(gha): Added GitHub Action workflow for Dependency Review#2
shortthirdman merged 1 commit into
mainfrom
github/dependency-review

Conversation

@shortthirdman

Copy link
Copy Markdown
Owner

📑 Description

GitHub Actions: Added Dependency Review workflow as part of status checks

  • Completed

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

ℹ Additional Information

N/A

Signed-off-by: Swetank Mohanty <shortthirdman@users.noreply.github.com>
@shortthirdman shortthirdman self-assigned this Sep 21, 2025
@shortthirdman shortthirdman added the enhancement New feature or request label Sep 21, 2025
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 4.*.* 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 57 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/dependency-review-action 4.*.* 🟢 7.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 9security policy file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Files

  • .github/workflows/dependency-review.yml

@shortthirdman shortthirdman merged commit 3aefbe7 into main Sep 21, 2025
1 of 2 checks passed
@shortthirdman shortthirdman deleted the github/dependency-review branch September 21, 2025 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant