GH-500 - Configure and use supply chain security - Section 3.3
Configure Dependency Review for pre-merge checks, including license and compliance validation and the dependency review action.
Configure Dependency Review to flag pull requests that introduce vulnerable or license-incompatible dependencies before they are merged. Run the dependency-review-action in a GitHub Actions workflow triggered on pull_request to enforce the pre-merge check: it diffs the manifest and lock files between the base and head refs, fails the job on advisories at or above a chosen severity, and fails on packages whose license falls outside an allow-list (or inside a deny-list; the two options are mutually exclusive). Two prerequisites matter in practice: the repository's dependency graph must be enabled (private repositories additionally need GitHub Advanced Security), and a failing job only blocks the merge if that workflow job is configured as a required status check in branch protection or a ruleset. Without the required check, the review is advisory only.
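The workflow below is an added example, not a workflow taken from this page or from GitHub's own documentation. It assumes the protected branch is named `main` and that the allow-listed SPDX identifiers match the organization's policy; both are assumptions to adjust.

```yaml
# .github/workflows/dependency-review.yml
# Added example: a pre-merge dependency review that fails on high-severity
# advisories and on any new dependency outside the license allow-list.
name: Dependency Review

on:
  pull_request:
    branches: [main]   # assumption: the protected branch is called main

permissions:
  contents: read         # read manifest/lock-file changes in the PR
  pull-requests: write   # only required for comment-summary-in-pr

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Review new dependencies against the base branch
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check for advisories at this severity or higher
          # (low | moderate | high | critical).
          fail-on-severity: high
          # SPDX identifiers that are acceptable; any other license fails.
          # allow-licenses and deny-licenses are mutually exclusive: set one.
          allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC
          # Post the findings as a PR comment (always | on-failure | never).
          comment-summary-in-pr: always
```

The job only evaluates dependencies added or changed in the pull request, so existing violations on the base branch are not reported. Name the job as the required status check in the branch protection rule or ruleset for `main`; otherwise a red check does not stop the merge. For a supply-chain workflow, pin both actions to a full commit SHA rather than the floating `@v4` tag before relying on it.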
Tags: Dependency Review, dependency-review-action, pre-merge checks, license compliance
Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.