name: 'Dependency Review'

on: [pull_request]

permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4

      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v3
        with:
          comment-summary-in-pr: true
          fail-on-scopes: 'runtime, development, unknown'
          fail-on-severity: 'low'
          license-check: true
          vulnerability-check: true