From 0bb8c0182e993119ac00f93f6ab8426dab00bff8 Mon Sep 17 00:00:00 2001
From: immutable-art <138187673+immutable-art@users.noreply.github.com>
Date: Fri, 11 Oct 2024 16:37:29 +1100
Subject: [PATCH] [ITSEC-2280] Fix the dependency review action (#247)

* ITSEC-2280 Add Dependency Review job; Add SBOM signing.
* ITSEC-2280 Update CODEOWNERS to include Product Security on .github
* ITSEC-2280: Fix the dependency review action
Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com>
---------
Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com>
---
 .github/workflows/test.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index cc98a486..5c21fbd0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -102,6 +102,10 @@ jobs:
 with:
 # Possible values: "critical", "high", "moderate", "low"
 fail-on-severity: critical
+
+ # Address https://github.com/actions/dependency-review-action/issues/456
+ base-ref: ${{ github.event.pull_request.base.sha || github.event.repository.default_branch }}
+ head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
 publish:
 name: Publish to NPM (dry run)
 runs-on: ubuntu-latest
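Review bot: The fallbacks on the added `base-ref`/`head-ref` lines make the review vacuous on a push to the default branch: `base-ref` resolves to the default branch name and `head-ref` to `github.ref`, which is that same branch, so the action diffs the branch against itself and the job passes with no manifest change reviewed. Whether that path is reachable depends on the workflow's `on:` triggers, which are outside this hunk. If push events are meant to be covered, a previous-commit fallback such as `github.event.before` compares against what was actually pushed (it is all zeros on a new-branch push, so that case still needs a guard); if only pull requests are meant, an `if: github.event_name == 'pull_request'` on the job is clearer than a silent fallback. The new comment should also state what the fallback does rather than only linking the issue, e.g. `# PR events pin to the PR's base/head SHAs; other events (see issue 456) fall back to default branch vs. the current ref`.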