Configure dependency review for vulnerability severity and license type

The Dependency Review GitHub Action, which checks if pull requests introduce a dependency with a known vulnerability, now supports configuration based on vulnerability severity and license type.

The following configuration options are available:

fail-on-severity: the action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher
allow-licenses: the action will fail on pull requests that introduce dependencies with licenses that do not match the list
deny-licenses: the action will fail on pull requests that introduce dependencies with licenses that match the list

The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.

Learn more about dependency review enforcement.
Learn more about configuring the Dependency Review GitHub Action.

MAY.7Improvement
Repository rulesets: User bypass and branch renaming
- Platform Governance
APR.16Improvement
Rule insights dashboard and unified filter bar
- Platform Governance
APR.9Improvement
New Low Quality option in the Hide comment menu
- Platform Governance
FEB.17Improvement
Custom properties and rule insights improvements
- Platform Governance
SEP.10Improvement
GitHub ruleset exemptions and repository insights updates
- Platform Governance
SEP.1Improvement
GraphQL API resource limits
- Platform Governance
JUL.21Improvement
Including timeouts in primary rate limits
- Platform Governance
APR.22Improvement
Updates to security configuration settings for customers in existing grace periods
- Platform Governance
APR.9Improvement
Push rule delegated bypass and custom property regex support are generally available and repository policy delegated bypass is in preview
- Platform Governance

Configure dependency review for vulnerability severity and license type

Related Posts

Subscribe to our developer newsletter