From aa6ac62a6822dbbaebe56abebd4d962632c71d99 Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Fri, 11 Nov 2022 22:37:40 +1000
Subject: [PATCH] feat(ci): add Dependency and License checks to build workflow
---
 .github/workflows/build.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4599eee5..ea514e4a 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -57,6 +57,14 @@ jobs:
 with:
 fetch-depth: 0

+ # Dependency review scans for introduced vulnerabilities and compatible licenses.
+ - name: Dependency Review
+ uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+ with:
+ fail-on-severity: moderate
+ license-check: true
+ vulnerability-check: true
+
 - name: Set up Python
 uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0
 with:
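Review bot: The new `license-check: true` has no `allow-licenses` or `deny-licenses` list beside it, so as far as I can tell the step only reports licenses and never fails on one, which falls short of the comment's "compatible licenses". Adding a line such as `allow-licenses: <SPDX identifiers the project accepts>` under the step's `with:` would make it an actual gate. Separately, the action compares the base and head of a pull request, and this workflow's triggers and `permissions:` are outside the hunk. If build.yaml also runs on push, the step probably needs `if: github.event_name == 'pull_request'` so those runs do not fail, and the job should grant at least `contents: read`.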