it-at-m · hupling · Mar 6, 2025 · Mar 5, 2025 · Mar 5, 2025 · Mar 5, 2025
diff --git a/action-templates/actions/action-dependency-review/action.yml b/action-templates/actions/action-dependency-review/action.yml
@@ -0,0 +1,10 @@
+name: dependency-review
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Dependency Review
+      uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+      with:
+        config-file: it-at-m/.github/workflow-configs/dependency_review.yaml@main
diff --git a/docs/actions.md b/docs/actions.md
@@ -161,6 +161,10 @@ Executes the following steps:
     artifact-path: ./target/*.jar
 ```
 
+### action-dependecy-review
+
+The dependency review action scans your pull requests for dependency changes, and will raise an error if any vulnerabilities or invalid licenses are being introduced
+
 ### action-deploy-docs
 
 Action to deploy a docs artifact to a web page.