This commit is contained in:
John Clement
@@ -1,2 +1,5 @@
|
||||
{% ifversion ghes %}
|
||||
{% else %}
|
||||
> [!NOTE]
|
||||
> The dependency review API and the {% data variables.dependency-submission-api.name %} work together. This means that the dependency review API will include dependencies submitted via the {% data variables.dependency-submission-api.name %}.
|
||||
{% endif %}
|
||||
|
||||
@@ -4,6 +4,6 @@ The dependency graph shows any dependencies you submit using the API in addition
|
||||
|
||||
Submitted dependencies will receive {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_dependabot_security_updates %} for any known vulnerabilities. You will only get {% data variables.product.prodname_dependabot_alerts %} for dependencies that are from one of the supported ecosystems for the {% data variables.product.prodname_advisory_database %}. For more information about these ecosystems, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database#github-reviewed-advisories). For transitive dependencies submitted via the {% data variables.dependency-submission-api.name %}, {% data variables.product.prodname_dependabot %} will automatically open pull requests to update the parent dependency, if an update is available.
|
||||
|
||||
Submitted dependencies will be shown in dependency review, but are _not_ available in your organization's dependency insights.
|
||||
Submitted dependencies {% ifversion fpt or ghec %}will be shown in dependency review, but {% endif %}are _not_ available in your organization's dependency insights.
|
||||
|
||||
{% data reusables.dependency-review.works-with-submission-api-beta %}
|
||||
|
||||
Reference in New Issue
Block a user