Prevent the introduction of known vulnerabilities into your code
Blog post from GitHub
Understanding the security of your software supply chain is vital, and GitHub's dependency review action strengthens it by proactively blocking pull requests that introduce dependencies with known vulnerabilities. The action automates a check that would otherwise only surface in the rich diff of a pull request: it scans the dependency changes a pull request introduces against the GitHub Advisory Database, and if a vulnerability is found it fails with details, so developers can address the issue with the relevant context in front of them. The action is backed by an API that compares dependencies across two revisions, and it is available on GitHub Marketplace for all public repositories and for private repositories with GitHub Advanced Security.

The action is currently in public beta. Planned additions include more customizable failure criteria, based on factors such as vulnerability severity and license type, along with user-interface improvements. User feedback is encouraged to help refine both the tool and its documentation.
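The check described above, written out by hand as an added example (this is not GitHub's own action code): it pulls the base...head dependency diff from the dependency-graph compare API and fails on added packages that carry advisories at or above a chosen severity. The endpoint path, the JSON field names and the sample response are assumptions and constructed data, not taken from the post.

```python
"""Flag dependencies a pull request adds that carry known advisories.

Added example, not GitHub's own code. It mirrors what the dependency review
action does: fetch the base...head dependency diff from the dependency-graph
compare API and fail on added packages with advisories at or above a chosen
severity. The JSON field names used here are assumptions; verify against the docs.
"""
import json
import urllib.request

SEVERITY_RANK = {"low": 0, "moderate": 1, "high": 2, "critical": 3}


def fetch_dependency_diff(owner, repo, basehead, token):
    """GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}, e.g. 'main...topic'."""
    url = f"https://api.github.com/repos/{owner}/{repo}/dependency-graph/compare/{basehead}"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as resp:
        return json.load(resp)


def find_vulnerable_additions(changes, min_severity="low"):
    """Return (name, version, ghsa_id, severity) for added deps at or above min_severity.

    Removed entries are skipped: only what the PR introduces is judged, exactly
    like the rich diff. Unknown severities are treated as 'low'.
    """
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for change in changes:
        if change.get("change_type") != "added":
            continue
        for vuln in change.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "low")).lower()
            if SEVERITY_RANK.get(sev, 0) >= threshold:
                findings.append((change["name"], change["version"], vuln["advisory_ghsa_id"], sev))
    return findings  # a non-empty list is what should fail the PR check


# Constructed sample standing in for an API response; GHSA ids are placeholders, not real advisories.
SAMPLE_DIFF = [
    {"change_type": "added", "name": "example-parser", "version": "1.0.0",
     "vulnerabilities": [{"severity": "high", "advisory_ghsa_id": "GHSA-PLACEHOLDER-0001"}]},
    {"change_type": "added", "name": "example-utils", "version": "2.3.1",
     "vulnerabilities": [{"severity": "low", "advisory_ghsa_id": "GHSA-PLACEHOLDER-0002"}]},
    {"change_type": "removed", "name": "old-lib", "version": "0.9.0",
     "vulnerabilities": [{"severity": "critical", "advisory_ghsa_id": "GHSA-PLACEHOLDER-0003"}]},
    {"change_type": "added", "name": "clean-lib", "version": "4.0.0", "vulnerabilities": []},
]
```

In a workflow step, replace `SAMPLE_DIFF` with `fetch_dependency_diff(...)` for the pull request's base and head refs and exit non-zero when the returned list is non-empty.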