From 51f970e5e3a3b6c86867ea047b3aa43a98551beb Mon Sep 17 00:00:00 2001 From: HelloFresh Github Actions Bot Date: Mon, 2 Sep 2024 14:56:36 +0000 Subject: [PATCH] Update Workflows [ci skip] --- .github/workflows/hf_pr-dependency-review.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/hf_pr-dependency-review.yml diff --git a/.github/workflows/hf_pr-dependency-review.yml b/.github/workflows/hf_pr-dependency-review.yml new file mode 100644 index 0000000..2bf7b1d --- /dev/null +++ b/.github/workflows/hf_pr-dependency-review.yml @@ -0,0 +1,18 @@ +# This workflow is centrally managed in +# https://github.com/hellofresh/github-automation/blob/master/modules/repository/shared-workflows/pr-dependency-review.yml + +# This workflow is for dependency review. It is used to check vulnerability in dependencies before merging the PR. +# It is managed by squad-application-security. + +--- +name: Dependency Review PR + +on: [pull_request] + +jobs: + pull_request_review: + permissions: + contents: read + pull-requests: write + name: Dependency Review + uses: hellofresh/ghas-rules/.github/workflows/dependency-review-reusable.yml@master