Golden #11

	name: Vulnerability Scan
	on:
	pull_request:
	types: [opened]
	workflow_dispatch: # Allow manual trigger

	permissions:
	pull-requests: write

	jobs:
	scan:
	runs-on: ubuntu-latest
	steps:
	# Github Code Checkout Action
	- name: Git Checkout
	uses: actions/checkout@v4

	- name: Dependency Review
	uses: actions/dependency-review-action@v4
	with:
	fail-on-severity: moderate
	license-check: false
	comment-summary-in-pr: always

	- name: Report
	if : ${{ failure() && steps.review.outputs.comment-content }}
	shell: bash
	env:
	COMMENT: ${{ steps.review.outputs.comment-content }}
	run: \|
	echo "$COMMENT"

	- name: List Vulnerable Dependencies
	if: ${{ failure() && steps.review.conclusion == 'failure' }}
	shell: bash
	env:
	VULNERABLE_CHANGES: ${{ steps.review.outputs.vulnerable-changes }}
	run: \|
	echo "$VULNERABLE_CHANGES" \| jq '.[].package_url'

Provide feedback