Create action-dependency-review.yml

action-templates/actions/action-dependency-review/action.yml

@@ -0,0 +1,15 @@
+name: dependency-review
+inputs:
+  allow-dependencies-licenses:
+    default: "it-at-m/.github/workflow-configs/dependency_review.yaml@main"
+    type: string
+    description: A path to a file in the current repository or an external repository.
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Dependency Review
+      uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+      with:
+        config-file: ${{ inputs.allow-dependencies-licenses }}

docs/actions.md

@@ -161,6 +161,10 @@ Executes the following steps:
     artifact-path: ./target/*.jar
 ```
 
+### action-dependecy-review
+
+The dependency review action scans your pull requests for dependency changes, and will raise an error if any vulnerabilities or invalid licenses are being introduced
+
 ### action-deploy-docs
 
 Action to deploy a docs artifact to a web page.