What is GitHub’s dependency review action and how does it enforce dependency security policies in PRs?

Question

Github — Hard

What is GitHub’s dependency review action and how does it enforce dependency security policies in PRs?

Accepted Answer

GitHub's dependency review action enforces security policies by comparing dependency changes in a PR against a configurable policy. This action blocks merges if vulnerabilities or untrusted sources are detected. Option B is correct as it accurately describes this process. Options A, C, and D are incorrect as they misrepresent the action's functionality.