From d235b6509b30374528ce09be4b4bde1a5c8deec3 Mon Sep 17 00:00:00 2001
From: Joshua Fernandes <joshua.fernandes@consensys.net>
Date: Fri, 27 Oct 2023 16:49:25 +1000
Subject: [PATCH] adding in a couple of workflows to check dependencies

---
 .github/workflows/dependabot.yml        | 11 +++++++++++
 .github/workflows/dependency_review.yml | 18 ++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 .github/workflows/dependabot.yml
 create mode 100644 .github/workflows/dependency_review.yml

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 000000000..f43eea3b1
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,11 @@
+name: 'Dependency Review'
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+    assignees:
+      - "protocol-galileo"      
\ No newline at end of file
diff --git a/.github/workflows/dependency_review.yml b/.github/workflows/dependency_review.yml
new file mode 100644
index 000000000..cde9caa82
--- /dev/null
+++ b/.github/workflows/dependency_review.yml
@@ -0,0 +1,18 @@
+name: 'Dependency Review'
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          fail-on-severity: high
+          deny-licenses: LGPL-2.0, BSD-2-Clause
\ No newline at end of file