зеркало из https://github.com/github/docs.git
Move variable relating to Dependency Review outside the `product.yml` file (#33443)
This commit is contained in:
mc
GitHub
Родитель
954e13b00c
Коммит
951ab5162c
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
title: Configuring dependency review for your appliance
|
||||
shortTitle: Configuring dependency review
|
||||
intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
|
||||
intro: 'To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
|
||||
product: '{% data reusables.gated-features.dependency-review %}'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ As a first step, you want to make a complete inventory of your dependencies. The
|
|||
{% ifversion fpt or ghec or ghes > 3.5 or ghae > 3.5 %}
|
||||
### Automatic detection of vulnerabilities in pull requests
|
||||
|
||||
The {% data variables.product.prodname_dependency_review_action %} enforces a dependency review on your pull requests, making it easy for you to see if a pull request will introduce a vulnerable version of a dependency to your repository. When a vulnerability is detected, the {% data variables.product.prodname_dependency_review_action %} can block the pull request from merging. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)."{% endif %}
|
||||
The {% data variables.dependency-review.action_name %} enforces a dependency review on your pull requests, making it easy for you to see if a pull request will introduce a vulnerable version of a dependency to your repository. When a vulnerability is detected, the {% data variables.dependency-review.action_name %} can block the pull request from merging. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)."{% endif %}
|
||||
|
||||
|
||||
### Assessment of exposure to risk from a vulnerable dependency
|
||||
|
|
|
|||
|
|
@ -50,16 +50,16 @@ The action is available for all {% ifversion fpt or ghec %}public repositories,
|
|||
|
||||
{% data reusables.dependency-review.action-enterprise %}
|
||||
|
||||
You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action).
|
||||
You can use the {% data variables.dependency-review.action_name %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action).
|
||||
|
||||
|
||||
|
||||
By default, the {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)."
|
||||
By default, the {% data variables.dependency-review.action_name %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)."
|
||||
|
||||
The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)."
|
||||
|
||||
{% ifversion dependency-review-action-configuration %}
|
||||
You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)."
|
||||
You can configure the {% data variables.dependency-review.action_name %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)."
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ Dependency review is available when dependency graph is enabled for {% data vari
|
|||
{% endif %}
|
||||
|
||||
{% ifversion dependency-review-action-configuration %}
|
||||
## About configuring the {% data variables.product.prodname_dependency_review_action %}
|
||||
## About configuring the {% data variables.dependency-review.action_name %}
|
||||
|
||||
{% data reusables.dependency-review.dependency-review-action-overview %}
|
||||
|
||||
|
|
@ -77,14 +77,14 @@ The following configuration options are available.
|
|||
{% endtip %}
|
||||
{% endif %}
|
||||
|
||||
## Configuring the {% data variables.product.prodname_dependency_review_action %}
|
||||
## Configuring the {% data variables.dependency-review.action_name %}
|
||||
|
||||
There are two methods of configuring the {% data variables.product.prodname_dependency_review_action %}:
|
||||
There are two methods of configuring the {% data variables.dependency-review.action_name %}:
|
||||
- Inlining the configuration options in your workflow file.
|
||||
- Referencing a configuration file in your workflow file.
|
||||
|
||||
Notice that all of the examples use a short version number for the action (`v3`) instead of a semver release number (for example, `v3.0.8`). This ensures that you use the most recent minor version of the action.
|
||||
### Using inline configuration to set up the {% data variables.product.prodname_dependency_review_action %}
|
||||
### Using inline configuration to set up the {% data variables.dependency-review.action_name %}
|
||||
|
||||
1. Add a new YAML workflow to your `.github/workflows` folder.
|
||||
|
||||
|
|
@ -108,7 +108,7 @@ Notice that all of the examples use a short version number for the action (`v3`)
|
|||
```
|
||||
1. Specify your settings.
|
||||
|
||||
This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use the available configuration options.
|
||||
This {% data variables.dependency-review.action_name %} example file illustrates how you can use the available configuration options.
|
||||
```yaml{:copy}
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
|
@ -146,7 +146,7 @@ Notice that all of the examples use a short version number for the action (`v3`)
|
|||
fail-on-scopes: development, runtime
|
||||
{% endif %}
|
||||
```
|
||||
### Using a configuration file to set up {% data variables.product.prodname_dependency_review_action %}
|
||||
### Using a configuration file to set up {% data variables.dependency-review.action_name %}
|
||||
|
||||
1. Add a new YAML workflow to your `.github/workflows` folder and use `config-file` to specify that you are using a configuration file.
|
||||
|
||||
|
|
|
|||
|
|
@ -34,10 +34,10 @@ Dependency review allows you to "shift left". You can use the provided predictiv
|
|||
|
||||
{% ifversion fpt or ghec or ghes > 3.5 or ghae > 3.5 %}
|
||||
|
||||
You can use the {% data variables.product.prodname_dependency_review_action %} to help enforce dependency reviews on pull requests in your repository. {% data reusables.dependency-review.dependency-review-action-overview %}
|
||||
You can use the {% data variables.dependency-review.action_name %} to help enforce dependency reviews on pull requests in your repository. {% data reusables.dependency-review.dependency-review-action-overview %}
|
||||
|
||||
{% ifversion dependency-review-action-configuration %}
|
||||
You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs by specifying the type of dependency vulnerability you wish to catch. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)."
|
||||
You can configure the {% data variables.dependency-review.action_name %} to better suit your needs by specifying the type of dependency vulnerability you wish to catch. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)."
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
{% ifversion ghes or ghae %}
|
||||
Enterprise owners and people with admin access to a repository can add the {% data variables.product.prodname_dependency_review_action %} to their enterprise and repository, respectively.
|
||||
Enterprise owners and people with admin access to a repository can add the {% data variables.dependency-review.action_name %} to their enterprise and repository, respectively.
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
{% note %}
|
||||
|
||||
**Note**: The {% data variables.product.prodname_dependency_review_action %} is currently in public beta and subject to change.
|
||||
**Note**: The {% data variables.dependency-review.action_name %} is currently in public beta and subject to change.
|
||||
|
||||
{% endnote %}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences.
|
||||
The {% data variables.dependency-review.action_name %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences.
|
||||
|
||||
For more information about the action and the API endpoint, see the [`dependency-review-action`](https://github.com/actions/dependency-review-action) documentation, and "[Dependency review](/rest/dependency-graph/dependency-review)" in the API documentation.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
# Variables used in the dependency review docs that are not product names
|
||||
|
||||
# Dependency review action
|
||||
action_name: 'dependency review action'
|
||||
|
|
@ -213,9 +213,6 @@ prodname_dependabot_security_updates: 'Dependabot security updates'
|
|||
prodname_dependabot_version_updates: 'Dependabot version updates'
|
||||
prodname_dependabot_updates: 'Dependabot updates'
|
||||
|
||||
# Dependency review action
|
||||
prodname_dependency_review_action: 'dependency review action'
|
||||
|
||||
# GitHub Archive Program
|
||||
prodname_archive: 'GitHub Archive Program'
|
||||
prodname_arctic_vault: 'Arctic Code Vault'
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче