StepSecurity Logo
actions/dependency-review-action

actions/dependency-review-action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs

GitHubGithub Repository

623 stars

Node.js

Node Action

Updated 5 days ago

GitHub Actions security score

actions/dependency-review-action

Score

9/10

License

MIT License

Maintained

28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10

Vulnerabilities

0 existing vulnerabilities detected

Branch protection

branch protection is not maximal on development and all release branches

Manual code review

-

Secure publishing

-

Signed commits

-

Automated security tools

-

Popular

Used by 1088 open-source projects

Security Policy

security policy file detected

Networking Behavior of actions/dependency-review-action

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.

Popular DestinationUnknown Destination
Network DestinationOwner
api.github.comGitHubGitHub
api.deps.devUnknown
api.securityscorecards.devUnknown
github.comGitHubGitHub