actions/dependency-review-action

Issues

• [BUG] action does fail with valid licenses like Unicode-3.0

  #854 opened a month ago by ailox
  1

• [BUG] mypy 1.12 and 1.13 problems determining license

  #839 opened 2 months ago by emlowe
  2

• `fail-on-severity` should still show lower severity vulnerabilities

  #775 opened 7 months ago by mario-campos
  1

• Add list of resolved vulnerabilities to the PR Comment / Logs

  #717 opened 9 months ago by felickz
  6

• Allow this action to run on branch

  #754 opened a month ago by writemevm
  6

• Add comment when warn-only: true and comment-summary-in-pr: on-failure

  #817 opened a month ago by ebickle
  7

• [BUG] Incompatible licenses in actions/setup-python

  #842 opened 2 months ago by mryzhov
  2

• [BUG] unexpected addition of `AND NOASSERTION` to license when updating pywin32-ctypes

  #818 opened 4 months ago by altendky
  3

• Conflict between vulnerabilities in scorecard vs check

  #746 opened 2 months ago by james-smith-uk
  2

• [BUG] merge_group tigger fails due to different event structure

  #843 opened 2 months ago by ebickle
  2

• [BUG] Action fails in merge queue with v4.3.5

  #841 opened 2 months ago by kylebjordahl
  4

• [BUG] Error "fetch failed" when using proxy

  #814 opened 5 months ago by lindeberg
  4

• Can it work with normal push instead of just pull request?

  #826 opened 4 months ago by umeshnebhani733
  1

• Job Summary Size Limitation aborts the job [BUG]

  #786 opened 6 months ago by Shweta4398
  13

• `warn_only` Does Not Apply When Using a Deny List

  #734 opened 3 months ago by AlexWilson-GIS
  3

• MIT is an invalid SPDX license identifier?

  #742 opened 9 months ago by recurly-bearley
  3

• Create a PR check for default values in action.yml

  #723 opened 3 months ago by febuiles
  1

• Different configuration per package type?

  #834 opened 3 months ago by steve-gore-snapdocs
  0

• Add Scopes to Scanned Manifest Files inventory

  #713 opened 3 months ago by felickz
  1

• [BUG] `allow-dependencies-licenses` not respected after changing from `==` to `>=` with Python

  #812 opened 5 months ago by altendky
  0

• [BUG] Dependency Review reports the Vulnerability which we are updating.

  #830 opened 3 months ago by Shweta4398
  0

• Add option for commit status check

  #825 opened 4 months ago by ebickle
  0

• [BUG] warn-only set and job fails when having a vulnerability

  #824 opened 4 months ago by dolorsfg
  0

• Show patched version of dependency in the dependency review summary

  #823 opened 4 months ago by virangdoshi
  1

• [BUG] Dependency Review gets stuck if forked .

  #820 opened 4 months ago by Shweta4398
  1

• Packages being flagged incorrectly with invalid SPDX license definitions

  #809 opened 5 months ago by shubhashish-certa
  6

• Print `Dependency Changes` in PR comment

  #813 opened 5 months ago by wzieba
  0

• Report of existing Branch

  #808 opened 5 months ago by wortkotze
  0

• Support for GHES

  #805 opened 5 months ago by x3dfxjunkie
  0

• Duplicate

  #804 opened 5 months ago by felickz
  0

• [BUG] Action Is Now Unable To Parse NPM pURL Without a Namespace

  #799 opened 5 months ago by AlexWilson-GIS
  8

• [BUG] Listing too many allow-dependencies-licenses makes the summary output unreadable

  #801 opened 5 months ago by jtomkiew-mng
  0

• Adding a license in 'allow-dependencies-licenses' does not prevent it from being populated in "invalid-license-changes"

  #764 opened 8 months ago by sreya
  6

• [BUG] Release 4.3.4 breaking change with SPDX expressions

  #792 opened 6 months ago by jtomkiew-mng
  9

• Job Summary Size Limitation aborts the job

  #774 opened 6 months ago by alagappanu
  2

• error "fetch failed" with v4.2.5

  #736 opened 7 months ago by cpanato
  3

• Why is this not named `dependency-review`

  #780 opened 7 months ago by jasonkarns
  1

• [BUG] When the report exceeds 64KB pr issue is not created since it exceeds max comment issue

  #779 opened 7 months ago by tspascoal
  1

• Action fails to decorate PR when text is too long

  #730 opened 7 months ago by henriquevcosta
  2

• Error :- Purl String argument is required .

  #763 opened 8 months ago by Shweta4398
  4

• Configuring allow-dependencies-licenses fails the action

  #759 opened 8 months ago by jdavis-etdx
  3

• Latest release breaks dependabot

  #757 opened 8 months ago by phlax
  3

• v4.3.0 Causing PURL Processing Errors

  #752 opened 8 months ago by watercable76
  6

• Deny Packages Icon should be Red X (not a yellow warning)

  #731 opened 8 months ago by austimkelly
  3

• Scorecard table URLs include duplicate https://

  #738 opened 8 months ago by phyrog
  3

• Question: Is this action limited to revisions on the _default_ branch only?

  #743 opened 9 months ago by andreas-borglin
  2

• Feature Request: Block on unknown licenses

  #732 opened 9 months ago by austimkelly
  1

• Blocking issues (should block but does not)

  #714 opened 9 months ago by austimkelly
  5

• Bug: Some repos get error "fetch failed" when fetching v4.2.3

  #724 opened 9 months ago by lindeberg
  3

• Invalid URL for OpenSSF Scorecard Package

  #718 opened 9 months ago by dupuy
  3