From 30fb1854e5fbc05fb275529717c932f149651cbc Mon Sep 17 00:00:00 2001
From: Patrick Dawkins
Date: Mon, 16 Dec 2024 11:40:21 +0000
Subject: [PATCH] Add dependency review action
---
 .github/workflows/security.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 9250b6c18..6b71924b9 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,13 +1,11 @@
-name: Secret scanning
+name: Security
+on: [pull_request]
-on:
- push:
- branches:
- pull_request:
- branches:
+permissions:
+ contents: read
 jobs:
- scan:
+ check:
 runs-on: ubuntu-latest
 steps:
@@ -15,7 +13,10 @@ jobs:
 with:
 fetch-depth: 0
- - name: Scan for secrets
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+
+ - name: 'Scan for secrets'
 uses: trufflesecurity/trufflehog@main
 with:
 extra_args: --only-verified
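Review bot: With `on: [pull_request]` in the first hunk, the workflow no longer runs on `push`, so a commit that reaches a branch without a pull request is never seen by the secret-scanning step later in this job. The dependency review action needs a pull-request event, which is presumably why the `push` trigger was removed. Keeping both triggers and guarding only the new step with `if: github.event_name == 'pull_request'` would preserve the earlier scan coverage. The added `permissions:` block is a sound least-privilege default; a comment such as `# read-only token: neither step needs write access` would record the intent.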
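Review bot: In the second hunk, `actions/dependency-review-action@v4` is referenced by a movable tag, so the code run by this security job can change without any change in this repository. Pinning it to a full commit SHA, `uses: actions/dependency-review-action@<full-commit-sha> # v4`, makes the reference immutable. The unchanged TruffleHog step below tracks `@main`, which is looser still and worth pinning in the same pass. The new step also relies on the action's default failure threshold; setting `fail-on-severity` explicitly under `with:` would document which findings are meant to block a merge. The `steps:` list begins outside this hunk.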