diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 52c1307ad..564602455 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -57,3 +57,17 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v2
+
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
+ # Refer: https://github.com/actions/dependency-review-action
+ with:
+ fail-on-severity: low
+ # Action will fail if dependencies don't match the list
+ #allow-licenses: Apache-2.0, MIT
+ #deny-licenses: GPL-3.0, AGPL-1.0, AGPL-3.0, LGPL-2.0, CC-BY-3.0
\ No newline at end of file
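Review bot: The new `dependency-review` job has no event guard, and actions/dependency-review-action compares the pull request's base and head refs, so it errors on any other event; the workflow's `on:` block is outside this hunk, but a CodeQL workflow commonly also runs on push and on a schedule, in which case this job would fail on every such run. Add `if: github.event_name == 'pull_request'` on the job (directly under `dependency-review:`), or move the job to a workflow that only triggers on pull requests. The comment `# Action will fail if dependencies don't match the list` above the commented-out license keys is easy to misread; I would replace it with `# License policy (uncomment one): allow-licenses fails on any license not listed, deny-licenses fails on any license listed; the action accepts only one of the two`, and keep those keys indented under `with:` so they are valid when uncommented (indentation is not recoverable from this copy of the hunk). The whole job also inherits the workflow's permissions, which are not visible here; it needs at least `contents: read`, and if pull-request commenting is later enabled, `pull-requests: write`.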