The dependency review API is now generally available.
The Dependency Review GitHub Action now allows you to reference a local or external configuration file. There are also new configuration options:
fail-on-scopes: contains a list of strings representing the build environments you want to support (
unknown). The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list
allow-ghsas: contains a list of GitHub Security Advisory IDs that can be skipped during detection
vulnerability-check: a boolean option that allows you to disable either one of the checks
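
A configuration sketch using the options listed above, added here as an example and not taken from the changelog or the action's own documentation. The file paths, the action version tags, the `runtime` scope value and the advisory ID (a placeholder) are assumptions.

```yaml
# File 1 (assumed path): .github/workflows/dependency-review.yml
name: Dependency Review
on: [pull_request]

permissions:
  contents: read          # the job only needs to read the repository

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/dependency-review-action@v3
        with:
          # Local configuration file kept in the repository, so every change
          # to the policy below goes through pull request review itself.
          config-file: './.github/dependency-review-config.yml'
---
# File 2 (assumed path): .github/dependency-review-config.yml
# Fail pull requests that introduce vulnerabilities in these scopes.
# Listing "unknown" keeps dependencies whose scope could not be
# determined from slipping past the check.
fail-on-scopes:
  - runtime
  - unknown

# Advisories skipped during detection. Each entry is a blind spot:
# record who accepted the risk and why, and revisit the list regularly.
allow-ghsas:
  - GHSA-xxxx-xxxx-xxxx   # placeholder ID, replace with a reviewed advisory

# Keep the vulnerability check enabled; setting this to false disables it.
vulnerability-check: true
```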