Feature - Add a check for dependency review action

[naveensrinivasan]

Is your feature request related to a problem? Please describe.
The dependency review action lets you proactively block pull requests that introduce dependencies with known vulnerabilities.

GitHub introduced https://github.com/actions/dependency-review-action https://github.blog/2022-04-06-prevent-introduction-known-vulnerabilities-into-your-code/

[naveensrinivasan]

@ossf/scorecard-maintainers Thoughts about including this in our checks. Either include it part of Dependency check or Vulnerability check.

[naveensrinivasan]

@azeemshaikh38 / @laurentsimon FYI...

Didn't realize @azeemshaikh38 and @laurentsimon weren't in the @ossf/scorecard-admins or @ossf/scorecard-maintainers groups.

[laurentsimon]

list of dependency-related checks we can put in a single check:

• Feature: add check for vulnerability alerts #1371
• New check: check for dependency scanner #413
• New check: Check for vulnerabilities in your dependency trees #1508
• Feature: Improve dependabot detection thru PRs or parsing config file #874

Maybe we need to keep track of these under single issue?

[github-actions]

This issue is stale because it has been open for 60 days with no activity.

[github-actions]

This issue is stale because it has been open for 60 days with no activity.