Introduce `actions/dependency-review-action`

[Dependency Review](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) is recommended by the GitHub Advanced Security folks.

To use it, we would add [`actions/dependency-review-action`](https://github.com/actions/dependency-review-action) to one of our CI workflows.

But... I'm not seeing a great way to introduce it to this repo without breaking things for users without GHAS licenses.

----

In order to use features that require a GHAS license, I see there's now [a way to see if GHAS is enabled on a repo](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#get-a-repository), where part of the response looks like:
```json
"security_and_analysis": {
  "advanced_security": {
    "status": "enabled"
  }
}
```

However, it might be tricky to call that API as part of a workflow because
> In order to see the `security_and_analysis` block for a repository you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Introduce `actions/dependency-review-action` #845

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Introduce actions/dependency-review-action #845

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Introduce `actions/dependency-review-action` #845