mirror of synced 2025-12-23 03:44:00 -05:00

Mention dependency review in content for GHES admins (#32353)

Laura Coursen
2022-11-07 08:56:23 -06:00
committed by GitHub
parent 51b1cfaae9
commit 26ffdea7bc
6 changed files with 11 additions and 1 deletions

@@ -15,6 +15,8 @@ topics:
You can allow users to identify their projects' dependencies by {% ifversion ghes %}enabling{% elsif ghae %}using{% endif %} the dependency graph for {% data variables.location.product_location %}. For more information, see "{% ifversion ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% elsif ghae %}[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph){% endif %}."
{% data reusables.dependency-review.dependency-review-enabled-ghes %}
You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.location.product_location %} and manually sync the data. For more information, see "[Viewing the vulnerability data for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."

@@ -16,6 +16,8 @@ topics:
{% data reusables.dependabot.about-the-dependency-graph %} For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
{% data reusables.dependency-review.dependency-review-enabled-ghes %}
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository{% ifversion ghes %} and automatically fix the vulnerabilities{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
{% ifversion ghes %}
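
Review bot: the reusable inserted in the second line of this hunk opens with "After you enable the dependency graph, ..." (per the new dependency-review-enabled-ghes file in this commit), and the paragraph right after it opens with "After you enable the dependency graph for your enterprise, ...", so the rendered article gets two consecutive paragraphs starting with the same clause. Consider moving the reusable below the Dependabot paragraph, or rewording the reusable's opening so it reads well in both articles that include it.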

@@ -28,6 +28,8 @@ topics:
{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
{% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.location.product_location %}. For more information about the other features, see "[About supply chain security for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise)."
### About {% data variables.product.prodname_dependabot_alerts %}
{% endif %}
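
Review bot: the new "is just one of many features" paragraph sits between the `{% ifversion ghes %}` opened mid-paragraph on the line above it and the `{% endif %}` that follows the heading, so it renders only on GHES. If the pointer to "About supply chain security for your enterprise" is meant for every version this article serves, move it outside the conditional; if GHES-only is intended, a blank line and the paragraph are fine where they are, but the scoping is easy to miss and worth stating in the PR description.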

@@ -0,0 +1,3 @@
{% ifversion ghes %}
After you enable the dependency graph, users will have access to the dependency review feature. {% data reusables.dependency-review.short-summary %} For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
{% endif %}
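
Review bot: the second sentence of this reusable changes audience partway through. The first sentence addresses the administrator and talks about "users", while the nested short-summary reusable says "helps you understand dependency changes", so "you" shifts from the admin to the pull request author. Consider an admin-facing sentence here instead of reusing the summary, for example wording along the lines of "Dependency review helps users understand ...", or confirm the shift is acceptable in both admin articles that include this file.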

@@ -1,4 +1,4 @@
Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:
{% data reusables.dependency-review.short-summary %} It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:
- Which dependencies were added, removed, or updated, along with the release dates.
- How many projects use these components.
- Vulnerability data for these dependencies.
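
Review bot: in the replacement line, "It provides an easily understandable visualization ..." now depends on the short-summary reusable for its antecedent. If that reusable is later reworded or extended so that it no longer ends on a sentence whose subject is dependency review, "It" will dangle in every place this file is included. Consider naming the subject explicitly in this sentence so the file stays correct independently of the reusable's wording.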

@@ -0,0 +1 @@
Dependency review helps you understand dependency changes and the security impact of these changes at every pull request.