
Commit 204dd20

Merge pull request #15 from lever/appsec-ghas-dependabot
Feat: Dependency Review Workflow
1 parent 75c4a7e commit 204dd20

2 files changed

Lines changed: 80 additions & 0 deletions


.github/dependabot.yml

Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
# for more information on how to configure Dependabot, please visit https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
2+
3+
version: 2
4+
updates:
5+
- package-ecosystem: "docker"
6+
directory: "/"
7+
schedule:
8+
interval: "weekly"
9+
- package-ecosystem: "github-actions"
10+
directory: "/"
11+
schedule:
12+
interval: "weekly"
13+
- package-ecosystem: "gradle"
14+
directory: "/"
15+
schedule:
16+
interval: "weekly"
17+
- package-ecosystem: "pip"
18+
directory: "/"
19+
schedule:
20+
interval: "weekly"
21+
- package-ecosystem: "npm"
22+
directory: "/"
23+
schedule:
24+
interval: "weekly"
25+
# Adding other package-ecosystems. Excluding hex/elm/submodules/cargo/swift
26+
- package-ecosystem: "bundler"
27+
directory: "/"
28+
schedule:
29+
interval: "weekly"
30+
- package-ecosystem: "composer"
31+
directory: "/"
32+
schedule:
33+
interval: "weekly"
34+
- package-ecosystem: "gomod"
35+
directory: "/"
36+
schedule:
37+
interval: "weekly"
38+
- package-ecosystem: "maven"
39+
directory: "/"
40+
schedule:
41+
interval: "weekly"
42+
- package-ecosystem: "nuget"
43+
directory: "/"
44+
schedule:
45+
interval: "weekly"
46+
- package-ecosystem: "pub"
47+
directory: "/"
48+
schedule:
49+
interval: "weekly"
50+
- package-ecosystem: "terraform"
51+
directory: "/"
52+
schedule:
53+
interval: "weekly"
54+
- package-ecosystem: "devcontainers"
55+
directory: "/"
56+
schedule:
57+
interval: "weekly"
58+
- package-ecosystem: "dotnet-sdk"
59+
directory: "/"
60+
schedule:
61+
interval: "weekly"
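Review bot: All fifteen `updates` entries in dependabot.yml use `directory: "/"` whether or not the repository keeps a manifest for that ecosystem at its root, and the comment at line 25 names the excluded ecosystems without saying why they were left out or that the file is meant as an organisation-wide template. Dependabot does not, as far as I have seen, silently skip an ecosystem with no manifest; it records a failed update job for it on every scheduled run, so either trim the list to the ecosystems this repository actually uses or state the template intent in the comment, e.g. `# Org-wide template: entries for ecosystems absent from this repo produce failed Dependabot jobs and can be removed.` The identical `interval: "weekly"` blocks govern version updates only; Dependabot security updates are enabled separately in the repository settings, and a one-line comment saying so near line 3 would stop readers assuming this file alone delivers vulnerability fixes. Two unrelated nits: the file has no `---` document start, and the URL comment on line 1 is one very long line that could be wrapped.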
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
5+
name: "Dependency Review"
6+
on: [pull_request]
7+
permissions:
8+
contents: read
9+
jobs:
10+
dependency-review:
11+
runs-on: lever-self-hosted
12+
steps:
13+
- name: "Checkout Repository"
14+
uses: actions/checkout@v4
15+
- name: Dependency Review
16+
uses: actions/dependency-review-action@v4
17+
with:
18+
fail-on-severity: critical
19+
fail-on-scopes: runtime, development
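Review bot: Both `uses:` references in the workflow, lines 14 and 16, are mutable major tags (`actions/checkout@v4`, `actions/dependency-review-action@v4`), so the job executes whatever commit those tags resolve to at trigger time; pinning each to a full commit SHA with the version in a trailing comment (`uses: actions/checkout@<full-commit-sha> # v4`) makes the workflow's own supply chain verifiable, and the `github-actions` entry in the companion dependabot.yml will keep the pinned SHAs current. Separately, `fail-on-severity: critical` at line 18 lets high-severity advisories through on a pull request; if that threshold is deliberate it deserves a comment beside it, otherwise `high` is the more common choice for a blocking check. The header comment at lines 1-3 is the GitHub starter-template text and says nothing about the `runs-on: lever-self-hosted` choice at line 11; the action calls the GitHub API to compare dependency snapshots, so a comment such as `# org runner pool; the action needs outbound access to api.github.com and the repo's dependency graph enabled` would capture the two preconditions I cannot confirm from the diff. The `permissions:` block granting only `contents: read` is the right least-privilege default and should stay as is.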
