[Ready to ship] Configuring the dependency review action on GHES (#29064)

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md

@@ -52,6 +52,8 @@ The dependency review feature becomes available when you enable the dependency g
 
 The action is available for all {% ifversion fpt or ghec %}public repositories, as well as private {% endif %}repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled.
 
+{% data reusables.dependency-review.action-enterprise %}
+
 You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action).
 
 ![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png)
@@ -61,7 +63,7 @@ By default, the {% data variables.product.prodname_dependency_review_action %} c
 The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)."
 
 {% ifversion dependency-review-action-configuration %}
-You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail, or set an allow or deny list for licenses to scan. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." 
+You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." 
 {% endif %}
 
 {% endif %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md

@@ -62,14 +62,18 @@ The following configuration options are available.
 | Option | Required | Usage |
 |------------------|-------------------------------|--------|
 | `fail-on-severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).</br>The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. |
-| `allow-licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that do not match the list.|
-| `deny-licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that match the list.|
+{%- ifversion dependency-review-action-licenses %}
+| `allow-licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that do not match the list.|{% endif %}
+{%- ifversion dependency-review-action-licenses %}
+| `deny-licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that match the list.|{% endif %}
 
+{% ifversion dependency-review-action-licenses %}
 {% tip %}
 
 **Tip:** The  `allow-licenses` and  `deny-licenses` options are mutually exclusive.
 
 {% endtip %}
+{% endif %}
 
 This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use these configuration options.
 
@@ -91,6 +95,7 @@ jobs:
         with:
           # Possible values: "critical", "high", "moderate", "low" 
           fail-on-severity: critical
+{% ifversion dependency-review-action-licenses %}
           # You can only can only include one of these two options: `allow-licenses` and `deny-licences`
           # ([String]). Only allow these licenses (optional)
           # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses 
@@ -99,6 +104,7 @@ jobs:
           # ([String]). Block the pull request on these licenses (optional)
           # Possible values: Any  `spdx_id` value(s) from https://docs.github.com/en/rest/licenses 
           # deny-licenses: LGPL-2.0, BSD-2-Clause
+{% endif %}
 ```
 
 For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme).

data/features/dependency-review-action-licenses.yml

@@ -0,0 +1,4 @@
+# Reference: Issue #7486 Configuring the dependency review action - [Public Beta] for GHES
+versions:
+  fpt: '*'
+  ghec: '*'

data/reusables/dependency-review/action-enterprise.md

@@ -0,0 +1,3 @@
+{% ifversion ghes or ghae %}
+Enterprise owners and people with admin access to a repository can add the {% data variables.product.prodname_dependency_review_action %} to their enterprise and repository, respectively.
+{% endif %}

data/variables/product.yml

@@ -199,7 +199,7 @@ prodname_code_scanning_capc: 'Code scanning'
 prodname_codeql_runner: 'CodeQL runner'
 prodname_advisory_database: 'GitHub Advisory Database'
 prodname_codeql_workflow: 'CodeQL analysis workflow'
-prodname_dependency_review_action: 'Dependency Review GitHub Action'
+prodname_dependency_review_action: 'dependency review action'
 
 # Visual Studio
 prodname_vs: 'Visual Studio'