OpenFGA MCP

name: "Security: Dependency Review" on: pull_request: types: [opened, synchronize, reopened, edited] permissions: contents: read jobs: dependency-review: name: "PR Changes" runs-on: ubuntu-latest permissions: contents: read steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Dependency Review uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3 with: # Scan for vulnerabilities and reject PR if severity threshold exceeded fail-on-severity: critical # Deny licenses that are problematic for open source projects deny-licenses: "AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later" # Additional reviewers for dependency-related changes comment-summary-in-pr: true