Show vulnerabities and license information on the job summary.

README.md

@@ -4,8 +4,13 @@ This action scans your pull requests for dependency changes and will raise an er
 
 The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
 
+You can see the results on the job logs
+
 <img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
 
+or on the job summary
+
+<img src="https://user-images.githubusercontent.com/7847935/182871416-50332bbb-b279-4621-a136-ca72a4314301.png">
 
 ## Installation
 
@@ -58,6 +63,7 @@ jobs:
 ```
 
 ## Configuration
+
 You can pass additional options to the Dependency Review
 Action using your workflow file. Here's an example workflow with
 all the possible configurations:
@@ -159,4 +165,5 @@ We are grateful for any contributions made to this project.
 Please read [CONTRIBUTING.MD](https://github.com/actions/dependency-review-action/blob/main/CONTRIBUTING.md) to get started.
 
 ## License
+
 This project is released under the [MIT License](https://github.com/actions/dependency-review-action/blob/main/LICENSE).

src/main.ts

@@ -7,6 +7,7 @@ import {Change, PullRequestSchema, Severity} from './schemas'
 import {readConfig} from '../src/config'
 import {filterChangesBySeverity} from '../src/filter'
 import {getDeniedLicenseChanges} from './licenses'
+import * as summary from './summary'
 
 async function run(): Promise<void> {
   try {
@@ -36,34 +37,41 @@ async function run(): Promise<void> {
       deny: config.deny_licenses
     }
 
-    const filteredChanges = filterChangesBySeverity(
+    const addedChanges = filterChangesBySeverity(
       minSeverity as Severity,
       changes
-    )
-
-    for (const change of filteredChanges) {
-      if (
+    ).filter(
+      change =>
         change.change_type === 'added' &&
         change.vulnerabilities !== undefined &&
         change.vulnerabilities.length > 0
-      ) {
-        printChangeVulnerabilities(change)
-        failed = true
-      }
-    }
+    )
 
     const [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
       changes,
       licenses
     )
 
+    summary.addSummaryToSummary(addedChanges, licenseErrors, unknownLicenses)
+
+    if (addedChanges.length > 0) {
+      for (const change of addedChanges) {
+        printChangeVulnerabilities(change)
+      }
+      failed = true
+    }
+
+    summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity || '')
+
     if (licenseErrors.length > 0) {
       printLicensesError(licenseErrors)
       core.setFailed('Dependency review detected incompatible licenses.')
     }
 
     printNullLicenses(unknownLicenses)
 
+    summary.addLicensesToSummary(licenseErrors, unknownLicenses, config)
+
     if (failed) {
       core.setFailed('Dependency review detected vulnerable packages.')
     } else {
@@ -87,6 +95,8 @@ async function run(): Promise<void> {
         core.setFailed('Unexpected fatal error')
       }
     }
+  } finally {
+    await core.summary.write()
   }
 }