mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-28 00:06:53 +01:00
c932d2a02b
To help with compliance with customer's OSS requirements, this now bans usage of GPL and LGPL, as well as scans PRs for dependency vulnerabilities and new licenses being added.
23 lines
500 B
YAML
23 lines
500 B
YAML
name: Dependency review
|
|
|
|
on:
|
|
pull_request:
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
license_review:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
- name: Dependency review
|
|
uses: actions/dependency-review-action@v4
|
|
with:
|
|
fail-on-severity: moderate
|
|
#
|
|
deny-licenses: GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, MPL-2.0, AGPL-3.0
|
|
comment-summary-in-pr: always
|