import type { GitHub } from "./github";
import { Component } from "../component";
import type { GroupRunnerOptions } from "../runner-options";

/**
 * Options for the DependencyReview component.
 *
 * Where a default is given as "action default is …", the component sets
 * nothing for that input and the dependency-review-action's own default
 * takes effect.
 */
export interface DependencyReviewOptions {
  /**
   * Lowest vulnerability severity at which the action fails the check.
   *
   * @default - no minimum severity (action default is "low")
   */
  readonly failOnSeverity?: "low" | "moderate" | "high" | "critical";

  /**
   * SPDX license identifiers that are permitted for introduced dependencies.
   *
   * @default - no license allow-list
   */
  readonly allowLicenses?: string[];

  /**
   * Whether the vulnerability check runs at all.
   *
   * @default true
   */
  readonly vulnerabilityCheck?: boolean;

  /**
   * Whether the license check runs at all.
   *
   * @default true
   */
  readonly licenseCheck?: boolean;

  /**
   * Dependency scopes whose findings cause a failure.
   *
   * @default - no scopes filter (action default is "runtime")
   */
  readonly failOnScopes?: Array<"runtime" | "development" | "unknown">;

  /**
   * Path of an external configuration file for the action.
   *
   * @default - no external config
   */
  readonly configFile?: string;

  /**
   * GitHub Advisory Database IDs to skip during detection; a listed
   * advisory no longer produces a finding.
   *
   * @default - no advisories are skipped
   */
  readonly allowGhsas?: string[];

  /**
   * Packages (purl format) whose introduction in a PR is blocked.
   *
   * @default - no packages are denied
   */
  readonly denyPackages?: string[];

  /**
   * When a summary comment is posted on the pull request.
   *
   * @default "always"
   */
  readonly commentSummaryInPr?: "always" | "on-failure" | "never";

  /**
   * When true the action only reports findings and never fails the job,
   * so the check stops acting as a merge gate.
   *
   * @default false
   */
  readonly warnOnly?: boolean;

  /**
   * Whether OpenSSF Scorecard scores are shown for dependencies.
   *
   * @default true
   */
  readonly showOpenSSFScorecard?: boolean;

  /**
   * Scorecard score at or below which a warning is emitted.
   *
   * @default 3
   */
  readonly warnOnOpenSSFScorecardLevel?: number;

  /**
   * GitHub runner selection labels.
   *
   * @default ["ubuntu-latest"]
   */
  readonly runsOn?: string[];

  /**
   * GitHub runner group selection options.
   */
  readonly runsOnGroup?: GroupRunnerOptions;
}

/**
 * Adds a GitHub workflow that runs the dependency-review-action on
 * pull requests.
 *
 * The action inspects the dependency changes a pull request introduces
 * and fails when they bring in vulnerabilities or disallowed licenses
 * (subject to the options above, e.g. `warnOnly`).
 *
 * @see https://github.com/actions/dependency-review-action
 */
export declare class DependencyReview extends Component {
  /**
   * @param github the GitHub component the workflow is added to
   * @param options configuration for the review workflow
   */
  constructor(github: GitHub, options?: DependencyReviewOptions);
}