Add allow dependencies license

Joonas Hiltunen · Joonas Hiltunen · commit 2cceaf284b66 · 2025-12-29T08:15:08.000+02:00
diff --git a/.github/dependency-scan-config.yaml b/.github/dependency-scan-config.yaml
@@ -3,6 +3,13 @@ show-openssf-scorecard: true
 license-check: true
 vulnerability-check: true
 comment-summary-in-pr: always
+fail-on-scopes: runtime
+
+# Add packages here if they fail the check and are ONLY used in development or in CI etc.
+# DO NOT ADD PACKAGES THAT ARE PACKAGED WITH THE BUILD
+allow-dependencies-licenses:
+  # Only used in CI
+  - trufflesecurity/trufflehog
 
 # List of explicitly allowed licenses for EUPL 1.2 Inbound Compatibility
 # (Allows importing these libraries into a EUPL 1.2 project)
diff --git a/.github/workflows/shared-dependency-scan.yml b/.github/workflows/shared-dependency-scan.yml
@@ -17,4 +17,4 @@ jobs:
       - name: Dependency Review
         uses: actions/dependency-review-action@v4
         with:
-          config-file: HSLdevcom/jore4-tools/.github/dependency-scan-config.yaml@shared-dependency-licenses-v1
+          config-file: HSLdevcom/jore4-tools/.github/dependency-scan-config.yaml@main
