Commit 6880856

feat: [SEC-7263] Add dependency-scan GitHub Actions workflow
- Add dependency-scan workflow for Node.js SBOM generation
- Include policy evaluation for license compliance
- Use private repository workflow pattern with common-actions

Co-Authored-By: Patrick Kaeding <patrick@kaeding.name>
1 parent 6cd4137 commit 6880856

1 file changed

+32
-0
lines changed

Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
name: Dependency Scan
2+
3+
on:
4+
pull_request:
5+
push:
6+
branches:
7+
- main
8+
9+
jobs:
10+
generate-sbom:
11+
runs-on: ${{ github.run_id }}/runner=ubuntu22-2cpu-8gb-x64
12+
steps:
13+
- uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # v2.0.3
14+
- uses: launchdarkly/common-actions/init@main
15+
16+
- name: Generate SBOM
17+
uses: launchdarkly/common-actions/dependency-scan/generate-sbom@main
18+
with:
19+
types: 'nodejs'
20+
21+
evaluate-policy:
22+
runs-on: ${{ github.run_id }}/runner=ubuntu22-2cpu-8gb-x64
23+
needs:
24+
- generate-sbom
25+
steps:
26+
- uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # v2.0.3
27+
- uses: launchdarkly/common-actions/init@main
28+
29+
- name: Evaluate SBOM Policy
30+
uses: launchdarkly/common-actions/dependency-scan/evaluate-policy@main
31+
with:
32+
artifacts-pattern: bom-*
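Review bot: the three `launchdarkly/common-actions/...@main` references (the `init` step in both jobs, `generate-sbom`, and `evaluate-policy`) track a mutable branch while `runs-on/action` in the same steps list is pinned to a full commit SHA with a version comment; pinning the common-actions references the same way (tag or SHA plus `# vX.Y.Z`) keeps the scan reproducible and means a change to `main` in that repository cannot silently alter what runs on every pull request and push. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` gets the repository default; adding a top-level `permissions:` with `contents: read` (widened only if the SBOM or policy actions need more, for example to upload artifacts) keeps the token at least privilege. Finally, `evaluate-policy` consumes `artifacts-pattern: bom-*` but nothing in this hunk shows `generate-sbom` publishing artifacts under that name, so it is worth confirming that `dependency-scan/generate-sbom` uploads artifacts matching `bom-*`, otherwise the second job will evaluate an empty set and pass vacuously.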
