Skip to content

Bump step-security/harden-runner from 2.9.1 to 2.10.2 #8

Bump step-security/harden-runner from 2.9.1 to 2.10.2

Bump step-security/harden-runner from 2.9.1 to 2.10.2 #8

Workflow file for this run

---
name: dependency
on:
# Review dependencies on pull requests to the default branch
pull_request:
branches: ["main"]
# Declare default permissions as read-only
permissions: read-all
jobs:
dependency-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: 🔒 harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: 🔂 dependency review
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
with:
fail-on-severity: "high"
deny-licenses: "AGPL-1.0, AGPL-3.0"
comment-summary-in-pr: true
warn-on-openssf-scorecard-level: 3