Reusable dependency review workflow

.github/workflows/reusable-dependency-review.yml

@@ -0,0 +1,41 @@
+name: 'Dependency Review'
+
+on:
+  workflow_call:
+    inputs:
+      fail-on-severity:
+        type: string
+        description: "Configure the severity level for vulnerability alerting. Possible values: critical, high, moderate, low."
+        default: "high"
+      allow-ghsas:
+        type: string
+        description: "A comma separated list of any GitHub Advisory IDs that can be skipped during detection. Example: 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679'"
+      deny-licenses:
+        type: string
+        description: "Add a custom list of licenses you want to block."
+      base-ref:
+        type: string
+        description: "Provide custom git references for the git base when performing the comparison."
+      head-ref:
+        type: string
+        description: "Provide custom git references for the git head when performing the comparison."
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    name: Scan dependencies for license compliance
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+        with:
+          fail-on-severity: ${{ inputs.fail-on-severity }}
+          allow-ghsas: ${{ inputs.allow-ghsas }}
+          deny-licenses: ${{ inputs.deny-licenses }}
+          base-ref: ${{ inputs.base-ref }}
+          head-ref: ${{ inputs.head-ref }}
+