0x524a
477a6c2927
- Updated SonarCloud exclusions to include CLI tools and examples for better security hotspot analysis. - Added new issue exclusions for hardcoded IP addresses and credentials in test files and CLI tools. - Upgraded various GitHub Actions to their latest versions for improved performance and security. - Streamlined CI workflows by ensuring consistent usage of action versions across all jobs.
23 lines
513 B
YAML
23 lines
513 B
YAML
name: Dependency Review
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [ master, main, develop ]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
dependency-review:
|
|
name: Review Dependencies
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Dependency Review
|
|
uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
|
|
with:
|
|
fail-on-severity: moderate
|