Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

actions / dependency-review-action Public

Notifications You must be signed in to change notification settings
Fork 107
Star 610

Code
Issues 33
Pull requests 4
Discussions
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

Releases: actions/dependency-review-action

Releases Tags

Releases · actions/dependency-review-action

3.1.1

06 Nov 07:08

febuiles

v3.1.1

9f45b24

Compare

Choose a tag to compare

View all tags

3.1.1

Marketplace

What's Changed

Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: v3.1.0...v3.1.1

Assets 2

0xfeeddeadbeef reacted with hooray emoji

jeffpaul reacted with rocket emoji

All reactions

🎉 1 reaction
🚀 1 reaction

2 people reacted

3.1.0

07 Sep 21:55

juxtin

v3.1.0

6c5ccda

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

3.1.0

Marketplace

What's New

Added support for dependencies submitted through the dependency submission API. This includes two new configuration parameters: retry-on-snapshot-warnings and retry-on-snapshot-warnings-timeout.

What's Changed

Fix(docs): Correct action input name by @oerd in #551

New Contributors

@oerd made their first contribution in #551

Full Changelog: v3...v3.1.0

Contributors

oerd

Assets 2

jeffpaul reacted with rocket emoji

All reactions

🚀 1 reaction

1 person reacted

3.0.8

15 Aug 08:11

febuiles

v3.0.8

f6fff72

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

3.0.8

Marketplace

What's Changed

Added on-failure option to comment-summary-in-pr setting by @sgmurphy in #540

Previous configuration files using true/false for comment-summary-in-pr will be mapped automatically to the new values, but we encourage you to update to always/on-failure/never.

New Contributors

@sgmurphy made their first contribution in #540

Full Changelog: v3...v3.0.8

Contributors

sgmurphy

Assets 2

xkid1, sgmurphy, and addepar-tg reacted with thumbs up emoji

jeffpaul, sgmurphy, and addepar-tg reacted with rocket emoji

All reactions

👍 3 reactions
🚀 3 reactions

4 people reacted

3.0.7

09 Aug 13:30

febuiles

v3.0.7

7d90b4f

Compare

Choose a tag to compare

View all tags

3.0.7

Marketplace

What's Changed

Make GHES support / setup more clear by @rajbos in #534
Add an option to deny packages or groups of packages by @adrienpessu in #544

New Contributors

@rajbos made their first contribution in #534
@adrienpessu made their first contribution in #544

Full Changelog: v3...v3.0.7

Contributors

rajbos and adrienpessu

Assets 2

xkid1 reacted with thumbs up emoji

jeffpaul reacted with rocket emoji

All reactions

👍 1 reaction
🚀 1 reaction

2 people reacted

3.0.6

31 May 15:12

febuiles

v3.0.6

1360a34

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

3.0.6

Marketplace

Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty package_url.

Assets 2

Huncho3511 reacted with thumbs up emoji

kachick and jboursier-mwb reacted with hooray emoji

theztefan, CharlieSu, sarahkemi, and jeffpaul reacted with rocket emoji

All reactions

👍 1 reaction
🎉 2 reactions
🚀 4 reactions

7 people reacted

3.0.5

31 May 12:30

febuiles

v3.0.5

554aaf5

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

3.0.5

Marketplace

What's Changed

Thanks to @theztefan, we now have a new allow-dependencies-licenses option that takes a list of dependencies that will be excluded from license checks. See the configuration options for more information on how to use it.