From d3d239f6e04a85d604474b9da533075c4c0b89de Mon Sep 17 00:00:00 2001
From: Raghavendra Talur <raghavendra.talur@gmail.com>
Date: Fri, 22 Nov 2024 01:47:44 -0500
Subject: [PATCH] github: add a dependency review action

This action provides information about
* Which dependencies were added, removed, or updated.
* How many projects use these components.
* Vulnerability data for these dependencies.
* License type and compatibility.

For more info, read:
- [Understanding Your Software Supply Chain](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)
- [Dependency Review Action](https://github.com/actions/dependency-review-action)

Signed-off-by: Raghavendra Talur <raghavendra.talur@gmail.com>
---
 .github/workflows/dependency-review.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/dependency-review.yaml

diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 000000000..e180d4922
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: The RamenDR authors
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4