diff --git a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md b/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md index 192df3affc..6def0b7a79 100644 --- a/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md +++ b/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md @@ -1,7 +1,7 @@ --- title: Configuring dependency review for your appliance shortTitle: Configuring dependency review -intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.' +intro: 'To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.' product: '{% data reusables.gated-features.dependency-review %}' miniTocMaxHeadingLevel: 3 versions: diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md index aa33d6a176..e9dd3eff43 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md @@ -53,7 +53,7 @@ As a first step, you want to make a complete inventory of your dependencies. The {% ifversion fpt or ghec or ghes > 3.5 or ghae > 3.5 %} ### Automatic detection of vulnerabilities in pull requests -The {% data variables.product.prodname_dependency_review_action %} enforces a dependency review on your pull requests, making it easy for you to see if a pull request will introduce a vulnerable version of a dependency to your repository. When a vulnerability is detected, the {% data variables.product.prodname_dependency_review_action %} can block the pull request from merging. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)."{% endif %} +The {% data variables.dependency-review.action_name %} enforces a dependency review on your pull requests, making it easy for you to see if a pull request will introduce a vulnerable version of a dependency to your repository. When a vulnerability is detected, the {% data variables.dependency-review.action_name %} can block the pull request from merging. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)."{% endif %} ### Assessment of exposure to risk from a vulnerable dependency diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 914c982ece..f11ae597a8 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -50,16 +50,16 @@ The action is available for all {% ifversion fpt or ghec %}public repositories, {% data reusables.dependency-review.action-enterprise %} -You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). +You can use the {% data variables.dependency-review.action_name %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). ![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png) -By default, the {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." +By default, the {% data variables.dependency-review.action_name %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)." {% ifversion dependency-review-action-configuration %} -You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." +You can configure the {% data variables.dependency-review.action_name %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." {% endif %} {% endif %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 0f6307553b..bcd87f8bcc 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -51,7 +51,7 @@ Dependency review is available when dependency graph is enabled for {% data vari {% endif %} {% ifversion dependency-review-action-configuration %} -## About configuring the {% data variables.product.prodname_dependency_review_action %} +## About configuring the {% data variables.dependency-review.action_name %} {% data reusables.dependency-review.dependency-review-action-overview %} @@ -77,14 +77,14 @@ The following configuration options are available. {% endtip %} {% endif %} -## Configuring the {% data variables.product.prodname_dependency_review_action %} +## Configuring the {% data variables.dependency-review.action_name %} -There are two methods of configuring the {% data variables.product.prodname_dependency_review_action %}: +There are two methods of configuring the {% data variables.dependency-review.action_name %}: - Inlining the configuration options in your workflow file. - Referencing a configuration file in your workflow file. Notice that all of the examples use a short version number for the action (`v3`) instead of a semver release number (for example, `v3.0.8`). This ensures that you use the most recent minor version of the action. -### Using inline configuration to set up the {% data variables.product.prodname_dependency_review_action %} +### Using inline configuration to set up the {% data variables.dependency-review.action_name %} 1. Add a new YAML workflow to your `.github/workflows` folder. @@ -108,7 +108,7 @@ Notice that all of the examples use a short version number for the action (`v3`) ``` 1. Specify your settings. - This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use the available configuration options. + This {% data variables.dependency-review.action_name %} example file illustrates how you can use the available configuration options. ```yaml{:copy} name: 'Dependency Review' on: [pull_request] @@ -146,7 +146,7 @@ Notice that all of the examples use a short version number for the action (`v3`) fail-on-scopes: development, runtime {% endif %} ``` -### Using a configuration file to set up {% data variables.product.prodname_dependency_review_action %} +### Using a configuration file to set up {% data variables.dependency-review.action_name %} 1. Add a new YAML workflow to your `.github/workflows` folder and use `config-file` to specify that you are using a configuration file. diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md index 141f27d805..ebab821a02 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md @@ -34,10 +34,10 @@ Dependency review allows you to "shift left". You can use the provided predictiv {% ifversion fpt or ghec or ghes > 3.5 or ghae > 3.5 %} -You can use the {% data variables.product.prodname_dependency_review_action %} to help enforce dependency reviews on pull requests in your repository. {% data reusables.dependency-review.dependency-review-action-overview %} +You can use the {% data variables.dependency-review.action_name %} to help enforce dependency reviews on pull requests in your repository. {% data reusables.dependency-review.dependency-review-action-overview %} {% ifversion dependency-review-action-configuration %} -You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs by specifying the type of dependency vulnerability you wish to catch. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." +You can configure the {% data variables.dependency-review.action_name %} to better suit your needs by specifying the type of dependency vulnerability you wish to catch. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." {% endif %} {% endif %} diff --git a/data/reusables/dependency-review/action-enterprise.md b/data/reusables/dependency-review/action-enterprise.md index 044b1138d9..a4594a9171 100644 --- a/data/reusables/dependency-review/action-enterprise.md +++ b/data/reusables/dependency-review/action-enterprise.md @@ -1,3 +1,3 @@ {% ifversion ghes or ghae %} -Enterprise owners and people with admin access to a repository can add the {% data variables.product.prodname_dependency_review_action %} to their enterprise and repository, respectively. +Enterprise owners and people with admin access to a repository can add the {% data variables.dependency-review.action_name %} to their enterprise and repository, respectively. {% endif %} diff --git a/data/reusables/dependency-review/dependency-review-action-beta-note.md b/data/reusables/dependency-review/dependency-review-action-beta-note.md index 01b1e2f260..178f333a05 100644 --- a/data/reusables/dependency-review/dependency-review-action-beta-note.md +++ b/data/reusables/dependency-review/dependency-review-action-beta-note.md @@ -1,5 +1,5 @@ {% note %} -**Note**: The {% data variables.product.prodname_dependency_review_action %} is currently in public beta and subject to change. +**Note**: The {% data variables.dependency-review.action_name %} is currently in public beta and subject to change. {% endnote %} diff --git a/data/reusables/dependency-review/dependency-review-action-overview.md b/data/reusables/dependency-review/dependency-review-action-overview.md index d3b89434d2..fcd68a8459 100644 --- a/data/reusables/dependency-review/dependency-review-action-overview.md +++ b/data/reusables/dependency-review/dependency-review-action-overview.md @@ -1,3 +1,3 @@ -The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences. +The {% data variables.dependency-review.action_name %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences. For more information about the action and the API endpoint, see the [`dependency-review-action`](https://github.com/actions/dependency-review-action) documentation, and "[Dependency review](/rest/dependency-graph/dependency-review)" in the API documentation. diff --git a/data/variables/dependency-review.yml b/data/variables/dependency-review.yml new file mode 100644 index 0000000000..a8c999a669 --- /dev/null +++ b/data/variables/dependency-review.yml @@ -0,0 +1,4 @@ +# Variables used in the dependency review docs that are not product names + +# Dependency review action +action_name: 'dependency review action' diff --git a/data/variables/product.yml b/data/variables/product.yml index 28190383b2..c4d5c9dc15 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml @@ -213,9 +213,6 @@ prodname_dependabot_security_updates: 'Dependabot security updates' prodname_dependabot_version_updates: 'Dependabot version updates' prodname_dependabot_updates: 'Dependabot updates' -# Dependency review action -prodname_dependency_review_action: 'dependency review action' - # GitHub Archive Program prodname_archive: 'GitHub Archive Program' prodname_arctic_vault: 'Arctic Code Vault'