Test package deny list 6 #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Dependency Review' | |
| # This trigger will cause the action to run on any PR between any two branches. | |
| # This is the default state in ordor to provide the earliest possible awareness to developers of new issues they may introduce. | |
| # If you want a more targeted set of PR's to be screened, you can expand this with branch and/or path names. | |
| on: [pull_request] | |
| permissions: | |
| contents: read | |
| # Necessary for summary of evaluation in PR. | |
| pull-requests: write | |
| jobs: | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout Repository' | |
| uses: actions/checkout@v4 | |
| - name: 'Dependency Review' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| fail-on-severity: critical | |
| fail-on-scopes: runtime | |
| comment-summary-in-pr: always | |
| deny-packages: pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/log4j-core@2,pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected],pkg:maven/org.apache.logging.log4j/[email protected] | |
| deny-groups: pkg:maven/log4j | |
| retry-on-snapshot-warnings: true | |
| warn-only: true | |
| license-check: false |