Add dependency review automation
What does this MR do and why?
This MR adds the dependency review automation to the GitLab pipeline. The aims of the automation are to:
- a) Identify non-maintained and untrusted dependencies as they are added to the code base
- b) Assist the AppSec dependency review process.
This automation adds a comment in the MR with dependency metadata and pings AppSec about new dependencies introduced in the MR. This automation currently checks for new Ruby gems.
This MR replaces !119096 (closed)
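A worked illustration of the new-gem detection and comment step described above, added here as an example and not the MR's own code: it diffs the specs sections of two constructed Gemfile.lock snapshots (target branch versus source branch), attaches constructed metadata for each newly introduced gem, and builds the comment body that would ping AppSec. The metadata source, the review thresholds, the fictional gem names and the `@appsec-reviewers` handle are assumptions; the real automation's are not shown on this page.

```ruby
# Added example, not the MR's code: find gems introduced by an MR by diffing the
# target-branch Gemfile.lock against the source-branch Gemfile.lock, attach
# metadata for each new gem, and build the MR comment that pings AppSec.
require 'date'

# Hypothetical mention handle; the real automation's target is not shown on the page.
APPSEC_HANDLE = '@appsec-reviewers'

# Parse the "specs:" sections of a Gemfile.lock into {gem name => version}.
# Gem entries are indented by exactly four spaces; deeper-indented lines are
# a gem's own dependencies and are skipped. A line starting in column 0
# (PLATFORMS, DEPENDENCIES, ...) ends the current section.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line == '  specs:'
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/
    next unless in_specs
    m = line.match(/\A {4}([^\s(]+) \(([^)]+)\)\z/)
    specs[m[1]] = m[2] if m
  end
  specs
end

# Gems present in the source-branch lock but absent from the target-branch lock.
def new_gems(base_lock, head_lock)
  base = parse_lock_specs(base_lock)
  parse_lock_specs(head_lock).reject { |name, _| base.key?(name) }
end

# Review hints derived from metadata. Thresholds are assumptions for the example.
def review_flags(meta, today: Date.today)
  return ['no metadata found'] if meta.nil?
  flags = []
  released = Date.parse(meta['released'])
  flags << "last release #{released} is over two years old" if released < today.prev_year(2)
  flags << "low adoption (#{meta['downloads']} downloads)" if meta['downloads'] < 100_000
  flags << 'no source repository listed' if meta['source_code_uri'].nil?
  flags
end

# Build the comment body, or nil when the MR introduces no new gem.
def build_comment(base_lock, head_lock, metadata, today: Date.today)
  added = new_gems(base_lock, head_lock)
  return nil if added.empty?
  lines = ['New gems introduced in this MR (automated dependency review):']
  added.each do |name, version|
    meta = metadata[name]
    flags = review_flags(meta, today: today)
    source = meta && meta['source_code_uri'] ? meta['source_code_uri'] : 'unknown source'
    lines << "- #{name} #{version} (#{source}): #{flags.empty? ? 'no flags' : flags.join('; ')}"
  end
  lines << "#{APPSEC_HANDLE} please review the dependencies listed above."
  lines.join("\n")
end

# Constructed Gemfile.lock snapshots: the target branch and an MR source branch
# that adds two gems (fictional names).
BASE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (7.0.4)
        actionpack (= 7.0.4)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (~> 7.0)
    rake
LOCK

HEAD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      abandoned_helper (0.1.0)
      fast_example_json (3.14.2)
      rails (7.0.4)
        actionpack (= 7.0.4)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    abandoned_helper
    fast_example_json
    rails (~> 7.0)
    rake
LOCK

# Constructed stand-in for a registry metadata lookup (values are invented).
SAMPLE_METADATA = {
  'fast_example_json' => { 'released' => '2023-02-10', 'downloads' => 250_000_000,
                           'source_code_uri' => 'https://example.com/fast_example_json' },
  'abandoned_helper'  => { 'released' => '2017-05-01', 'downloads' => 1_200,
                           'source_code_uri' => nil }
}

puts build_comment(BASE_LOCK, HEAD_LOCK, SAMPLE_METADATA) if $PROGRAM_NAME == __FILE__
```

In a pipeline job the two lock snapshots would come from `git show "$CI_MERGE_REQUEST_DIFF_BASE_SHA:Gemfile.lock"` and the checked-out Gemfile.lock, and the metadata from a registry lookup; diffing the parsed specs rather than the raw file text keeps version bumps of existing gems out of the "new dependency" list, so only genuinely new gems trigger the AppSec ping.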
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Nikhil George