This Action scans your pull requests for vulnerabilities introduced when adding or updating your project's dependencies. A check in your Pull Requests will let notify you of the results.

1. Add a new YAML workflow to your .github/workflows folder:

name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v1

If you have bug reports, questions or suggestions please create a new issue.

We are grateful for any contributions made to this project.

Please read CONTRIBUTING.MD to get started.

This project is released under the MIT License.