From de59840655ae253db64db5cab66802a0cb45f421 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Thu, 9 Jun 2022 12:41:40 +0100 Subject: [PATCH 01/11] more improvements and writing --- .../about-dependency-review.md | 12 ++++- .../configuring-dependency-review.md | 53 +++++++++++++++++++ ...ng-dependency-changes-in-a-pull-request.md | 2 +- ...dependency-review-action-configuration.yml | 6 +++ .../dependency-review-action-beta-note.md | 2 +- data/variables/product.yml | 1 + 6 files changed, 72 insertions(+), 4 deletions(-) create mode 100644 data/features/dependency-review-action-configuration.yml diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 3a74065bb6..34bab83637 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md 
@@ -50,11 +50,19 @@ The dependency review feature becomes available when you enable the dependency g {% data reusables.dependency-review.dependency-review-action-beta-note %} -You can use the Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). +The action is available for all public repositories, as well as private repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled. + +You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). ![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png) -The Dependency Review GitHub Action check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." 
+The {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)." + +{% ifversion dependency-review-action-configuration %} +You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail, or set an allow or deny list for licenses. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." {% endif %} + +{% endif %} + diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index bf8f34c92f..ba6b71ea98 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md 
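Review bot: In the about-dependency-review.md hunk, the new sentence "The action is available for all public repositories, as well as private repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled" is inserted directly after the beta-note reusable and before the paragraph that first introduces the action, so "The action" has no antecedent when the page is read top down; move it after the "You can use the {% data variables.product.prodname_dependency_review_action %} in your repository..." paragraph. It also sits outside any `ifversion` block, so it renders unchanged on GHES and GHAE; check that the public/private wording holds for every product this page is built for.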
@@ -50,3 +50,56 @@ Dependency review is available when dependency graph is enabled for {% data vari ![Screenshot of "Code security and analysis" features"](/assets/images/enterprise/3.2/repository/code-security-and-analysis-enable-ghas-3.2.png){% endif %}{% ifversion ghes > 3.2 %} ![Screenshot of "Code security and analysis" features"](/assets/images/enterprise/3.4/repository/code-security-and-analysis-enable-ghas-3.4.png){% endif %} {% endif %} + +{% ifversion dependency-review-action-configuration %} +## Configuring the {% data variables.product.prodname_dependency_review_action %} + +The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions. + +For more information about the action and the API endpoint, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-reinforcement)" and [Dependency review](/rest/dependency-graph/dependency-review) in the API documentation, respectively. + +The available configuration options are described below. + +| Property | Required / optional | Description | +|------------------|-------------------------------|--------| +| `fail_on_severity` | Optional | Specifies the level of severity (`low`, `moderate`, `high`, `critical`) that causes the action to fail. | +| `allow_licenses` | Optional | .| +| `deny_licenses` | Optional | .| + +The {% data variables.product.prodname_dependency_review_action %} file below shows an example of use of these properties. 
+ +```yaml{:copy} +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v3 + - name: Dependency Review + uses: actions/dependency-review-action@main + with: + # Possible values: "critical", "high", "moderate", "low" + fail_on_severity: critical + + # ([String]). Only allow these licenses (optional) + # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses + allow_licenses: + - "GPL 3.0" + - "BSD 3 Clause" + - "MIT" + + # ([String]). Block the pull request on these licenses (optional) + # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses + deny_licenses: + - "LGPL 2.0" + - "BSD 2 Clause" +``` + +For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme). +{% endif %} \ No newline at end of file diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md index baea88ca85..4c990a950e 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md 
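Review bot: In the configuring-dependency-review.md hunk, the `allow_licenses` and `deny_licenses` rows of the options table still carry the placeholder description "." and need real text (what the value is and what happens when a dependency's license does or does not match). The "About dependency review" link targets `#dependency-review-reinforcement`, while reviewing-dependency-changes-in-a-pull-request.md in this same patch links the section as `#dependency-review-enforcement`, so one of the two anchors is wrong. In the workflow example, `uses: actions/dependency-review-action@main` pins a moving branch; for a check that gates merging, reference a release tag or a full commit SHA instead. The comments "Possible values: Any value(s) from https://docs.github.com/en/rest/licenses" should say which field of the licenses API response is meant, since that endpoint returns `key`, `name` and `spdx_id` for each license.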
@@ -35,7 +35,7 @@ shortTitle: Review dependency changes Dependency review allows you to "shift left". You can use the provided predictive information to catch vulnerable dependencies before they hit production. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)." {% ifversion fpt or ghec or ghes > 3.5 or ghae-issue-6396 %} -You can use the Dependency Review GitHub Action to help enforce dependency reviews on pull requests in your repository. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)." +You can use the {% data variables.product.prodname_dependency_review_action %} to help enforce dependency reviews on pull requests in your repository. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)." {% endif %} ## Reviewing dependencies in a pull request diff --git a/data/features/dependency-review-action-configuration.yml b/data/features/dependency-review-action-configuration.yml new file mode 100644 index 0000000000..557594cb3b --- /dev/null +++ b/data/features/dependency-review-action-configuration.yml @@ -0,0 +1,6 @@ +# Reference: Issue #7061 Configuring the dependency review action - [Public Beta] +versions: + fpt: '*' + ghec: '*' + ghes: '>3.5' + ghae: 'issue-7061' diff --git a/data/reusables/dependency-review/dependency-review-action-beta-note.md b/data/reusables/dependency-review/dependency-review-action-beta-note.md index c227b119b0..23aaae3ec2 100644 --- a/data/reusables/dependency-review/dependency-review-action-beta-note.md +++ b/data/reusables/dependency-review/dependency-review-action-beta-note.md 
@@ -1,5 +1,5 @@ {% note %} -**Note**: The Dependency Review GitHub Action is currently in public beta and subject to change. +**Note**: The {% data variables.product.prodname_dependency_review_action %} is currently in public beta and subject to change. {% endnote %} \ No newline at end of file diff --git a/data/variables/product.yml b/data/variables/product.yml index 5419530a1c..fbb7471c5a 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml @@ -181,6 +181,7 @@ prodname_code_scanning_capc: 'Code scanning' prodname_codeql_runner: 'CodeQL runner' prodname_advisory_database: 'GitHub Advisory Database' prodname_codeql_workflow: 'CodeQL analysis workflow' +prodname_dependency_review_action: 'Dependency Review GitHub Action' # Visual Studio prodname_vs: 'Visual Studio' From 2006a4d2788df777fe36ae450b7ae201ad50ac66 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Thu, 9 Jun 2022 13:46:06 +0100 Subject: [PATCH 02/11] boing --- .../configuring-dependency-review.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index ba6b71ea98..9972e13293 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md 
@@ -54,6 +54,8 @@ Dependency review is available when dependency graph is enabled for {% data vari {% ifversion dependency-review-action-configuration %} ## Configuring the {% data variables.product.prodname_dependency_review_action %} +{% data reusables.dependency-review.dependency-review-action-beta-note %} + The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions. For more information about the action and the API endpoint, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-reinforcement)" and [Dependency review](/rest/dependency-graph/dependency-review) in the API documentation, respectively. @@ -80,7 +82,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v3 + uses: {% data reusables.actions.action-checkout %} - name: Dependency Review uses: actions/dependency-review-action@main with: From b1dd04b968d3d1d80d436ecfd302caddf3f20a1c Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:34:10 +0100 Subject: [PATCH 03/11] bulk of the work --- .../about-dependency-review.md | 2 +- .../configuring-dependency-review.md | 17 +++++++---------- ...wing-dependency-changes-in-a-pull-request.md | 7 ++++++- .../dependency-review-action-overview.md | 3 +++ 4 files changed, 17 insertions(+), 12 deletions(-) create mode 100644 data/reusables/dependency-review/dependency-review-action-overview.md 
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 34bab83637..335daa187d 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -61,7 +61,7 @@ The {% data variables.product.prodname_dependency_review_action %} check will fa The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)." {% ifversion dependency-review-action-configuration %} -You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail, or set an allow or deny list for licenses. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." +You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail, or set an allow or deny list for licenses to scan. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." {% endif %} {% endif %} 
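Review bot: In the about-dependency-review.md hunk, "set an allow or deny list for licenses to scan" misdescribes the options: the lists name licenses that are permitted or blocked, not licenses that are scanned. Suggest "set an allow or deny list for dependency licenses".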
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 9972e13293..252bab704e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md 
@@ -55,20 +55,17 @@ Dependency review is available when dependency graph is enabled for {% data vari ## Configuring the {% data variables.product.prodname_dependency_review_action %} {% data reusables.dependency-review.dependency-review-action-beta-note %} +{% data reusables.dependency-review.dependency-review-action-overview %} -The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions. +The following configuration options are available. -For more information about the action and the API endpoint, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-reinforcement)" and [Dependency review](/rest/dependency-graph/dependency-review) in the API documentation, respectively. - -The available configuration options are described below. - -| Property | Required / optional | Description | +| Option | Required | Usage | |------------------|-------------------------------|--------| -| `fail_on_severity` | Optional | Specifies the level of severity (`low`, `moderate`, `high`, `critical`) that causes the action to fail. | -| `allow_licenses` | Optional | .| -| `deny_licenses` | Optional | .| +| `fail_on_severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on pull requests containing vulnerabilities of the specified severity level. | +| `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](https://docs.github.com/en/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| +| `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](https://docs.github.com/en/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| -The {% data variables.product.prodname_dependency_review_action %} file below shows an example of use of these properties. +This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use these configuration options. ```yaml{:copy} name: 'Dependency Review' diff --git a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md index 4c990a950e..f9c70bdcc1 100644 --- a/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md +++ b/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md 
@@ -35,9 +35,14 @@ shortTitle: Review dependency changes Dependency review allows you to "shift left". You can use the provided predictive information to catch vulnerable dependencies before they hit production. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)." {% ifversion fpt or ghec or ghes > 3.5 or ghae-issue-6396 %} -You can use the {% data variables.product.prodname_dependency_review_action %} to help enforce dependency reviews on pull requests in your repository. For more information, see "[Dependency review enforcement](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement)." + +You can use the {% data variables.product.prodname_dependency_review_action %} to help enforce dependency reviews on pull requests in your repository. {% data reusables.dependency-review.dependency-review-action-overview %} + +{% ifversion dependency-review-action-configuration %} +You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs by specifying the type of dependency vulnerability you wish to catch. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." {% endif %} +{% endif %} ## Reviewing dependencies in a pull request {% data reusables.repositories.sidebar-pr %} diff --git a/data/reusables/dependency-review/dependency-review-action-overview.md b/data/reusables/dependency-review/dependency-review-action-overview.md new file mode 100644 index 0000000000..d99dd86a20 --- /dev/null +++ b/data/reusables/dependency-review/dependency-review-action-overview.md 
@@ -0,0 +1,3 @@ +The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions. + +For more information about the action and the API endpoint, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-reinforcement)," and "[Dependency review](/rest/dependency-graph/dependency-review)" in the API documentation, respectively. \ No newline at end of file From 186ec0856b4467bc82c25ccd24aa3fa7fba80eb2 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Thu, 9 Jun 2022 14:56:40 +0100 Subject: [PATCH 04/11] fix failure --- .../configuring-dependency-review.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 252bab704e..248a9a4b6f 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -62,8 +62,8 @@ The following configuration options are available. | Option | Required | Usage | |------------------|-------------------------------|--------| | `fail_on_severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on pull requests containing vulnerabilities of the specified severity level. | -| `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](https://docs.github.com/en/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| -| `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](https://docs.github.com/en/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| +| `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| +| `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use these configuration options. From ccab04820d67f38bb4cd44f3be453bdbab4a505b Mon Sep 17 00:00:00 2001 From: Courtney Claessens Date: Thu, 9 Jun 2022 17:48:20 -0400 Subject: [PATCH 05/11] Update configuring-dependency-review.md We learned that `allow_licenses` and `deny_licenses` need to be formatted as a string, but don't need quotes: `allow_licenses: GPL 3.0, BSD 3 Clause, MIT` --- .../configuring-dependency-review.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 248a9a4b6f..eb345500ad 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -88,17 +88,12 @@ jobs: # ([String]). Only allow these licenses (optional) # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses - allow_licenses: - - "GPL 3.0" - - "BSD 3 Clause" - - "MIT" + allow_licenses: GPL 3.0, BSD 3 Clause, MIT # ([String]). Block the pull request on these licenses (optional) # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses - deny_licenses: - - "LGPL 2.0" - - "BSD 2 Clause" + deny_licenses: LGPL 2.0, BSD 2 Clause ``` For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme). -{% endif %} \ No newline at end of file +{% endif %} 
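Review bot: In the patch 05 hunk, changing the example to `allow_licenses: GPL 3.0, BSD 3 Clause, MIT` matches the commit message, but nothing in the file tells readers that a YAML sequence is not accepted: the comment lines still say "# ([String]). Only allow these licenses (optional)" and the option table still says "Contains a list of allowed licenses". Add "comma-separated string" to both the comment and the table. The unchanged comment lines also still link the absolute https://docs.github.com/en/rest/licenses, while patch 04 switched the table to the relative `/rest/licenses`.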
From 21892f86880ef80095d73091d5db4cacc3b6dd96 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Fri, 10 Jun 2022 08:34:21 +0100 Subject: [PATCH 06/11] address review comments --- .../about-dependency-review.md | 4 ++-- .../configuring-dependency-review.md | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 335daa187d..11db14e065 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md 
@@ -50,13 +50,13 @@ The dependency review feature becomes available when you enable the dependency g {% data reusables.dependency-review.dependency-review-action-beta-note %} -The action is available for all public repositories, as well as private repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled. +The action is available for {% ifversion not ghae %}all public repositories, as well as {% endif %}private repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled. You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). ![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png) -The {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." +By default, the {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. 
For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)." diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 248a9a4b6f..69bacb865e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -65,6 +65,12 @@ The following configuration options are available. | `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| | `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| +{% tip %} + +**Tip:** The `allow_licenses` and `deny_licenses` options are mutually exclusive. + +{% endtip %} + This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use these configuration options. ```yaml{:copy} From 5f7b6dd156e400e84db7185853349004d8e842d3 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Mon, 13 Jun 2022 08:14:08 +0100 Subject: [PATCH 07/11] Apply suggestions from code review Co-authored-by: Felicity Chapman --- .../about-dependency-review.md | 4 ++-- .../dependency-review/dependency-review-action-overview.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index 11db14e065..0d537c504e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md 
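Review bot: In the configuring-dependency-review.md hunk, the new tip says `allow_licenses` and `deny_licenses` are mutually exclusive, but the example workflow that follows it in this file sets both options at once (an allow list and a deny list together), so the example contradicts the tip. Show only one of the two in the example, or comment one out, and say in the tip what the action does if both are supplied.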
@@ -50,13 +50,13 @@ The dependency review feature becomes available when you enable the dependency g {% data reusables.dependency-review.dependency-review-action-beta-note %} -The action is available for {% ifversion not ghae %}all public repositories, as well as {% endif %}private repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled. +The action is available for all {% ifversion fpt or ghec %}public repositories, as well as private {% endif %}repositories that have {% data variables.product.prodname_GH_advanced_security %} enabled. You can use the {% data variables.product.prodname_dependency_review_action %} in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action). ![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png) -By default, the {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." +By default, the {% data variables.product.prodname_dependency_review_action %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. 
For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)." The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)." diff --git a/data/reusables/dependency-review/dependency-review-action-overview.md b/data/reusables/dependency-review/dependency-review-action-overview.md index d99dd86a20..49112365d7 100644 --- a/data/reusables/dependency-review/dependency-review-action-overview.md +++ b/data/reusables/dependency-review/dependency-review-action-overview.md @@ -1,3 +1,3 @@ -The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have existing vulnerabilities. The action is supported by an API endpoint that diffs the dependencies between any two revisions. +The {% data variables.product.prodname_dependency_review_action %} scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences. For more information about the action and the API endpoint, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-reinforcement)," and "[Dependency review](/rest/dependency-graph/dependency-review)" in the API documentation, respectively. \ No newline at end of file From 7c5a78af44e5f7bfae2354a4abc3088cfc2b7636 Mon Sep 17 00:00:00 2001 
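Review bot: the two links to the dependency review API in this patch resolve to different paths. The unchanged context in the about-dependency-review.md hunk links `"[Dependency review](/rest/reference/dependency-graph#dependency-review)."`, while the new reusable text links `"[Dependency review](/rest/dependency-graph/dependency-review)"`. Pick one canonical path and use it in both files, otherwise one of them will break when the other is redirected. The reusable also still ends with `\ No newline at end of file`; add the trailing newline while the file is being touched.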
From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Mon, 13 Jun 2022 13:54:23 +0100 Subject: [PATCH 08/11] address outstanding comments --- .../configuring-dependency-review.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 664a4308df..7fb9e549c4 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -87,18 +87,18 @@ jobs: - name: 'Checkout Repository' uses: {% data reusables.actions.action-checkout %} - name: Dependency Review - uses: actions/dependency-review-action@main + uses: actions/dependency-review-action@v2 with: # Possible values: "critical", "high", "moderate", "low" fail_on_severity: critical - + # You can only can only include one of these two options: `allow_licenses` and `deny-licences` # ([String]). Only allow these licenses (optional) - # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses - allow_licenses: GPL 3.0, BSD 3 Clause, MIT + # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses + # allow_licenses: GPL 3.0, BSD 3 Clause, MIT # ([String]). Block the pull request on these licenses (optional) - # Possible values: Any value(s) from https://docs.github.com/en/rest/licenses - deny_licenses: LGPL 2.0, BSD 2 Clause + # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses + # deny_licenses: LGPL 2.0, BSD 2 Clause ``` For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme). 
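Review bot: the new comment line in this hunk has a duplicated phrase and names a key that does not exist in the file: `# You can only can only include one of these two options: \`allow_licenses\` and \`deny-licences\`` should read `# You can only include one of these two options: \`allow_licenses\` and \`deny_licenses\``, matching the `# deny_licenses:` key two lines below. In the same hunk the comments now say the values are `spdx_id` values, but the examples stay `GPL 3.0, BSD 3 Clause, MIT` and `LGPL 2.0, BSD 2 Clause`, which are not SPDX identifiers (those are hyphenated, e.g. `BSD-3-Clause`); the examples should be changed in the same commit as the comment so the two never disagree. Moving from `actions/dependency-review-action@main` to `@v2` is the right call for a merge-gating security check, since `main` can change under you; if the page wants to show the hardened form, pinning to a full commit SHA is the step beyond a moving major tag.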
From 6dbe336823aacd8f89461418dc71ef1782d3ae51 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Mon, 13 Jun 2022 13:56:04 +0100 Subject: [PATCH 09/11] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md Co-authored-by: Felicity Chapman --- .../configuring-dependency-review.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 7fb9e549c4..076123912e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -61,7 +61,7 @@ The following configuration options are available. | Option | Required | Usage | |------------------|-------------------------------|--------| -| `fail_on_severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on pull requests containing vulnerabilities of the specified severity level. | +| `fail_on_severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | | `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| | `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| From c83eead1637f7e96dd5c04c08d1fa828c01b8a05 Mon Sep 17 00:00:00 2001 From: Courtney Claessens Date: Mon, 13 Jun 2022 09:13:02 -0400 Subject: [PATCH 10/11] conforming license types to spdx format --- .../configuring-dependency-review.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index 076123912e..e888c677c1 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -94,11 +94,11 @@ jobs: # You can only can only include one of these two options: `allow_licenses` and `deny-licences` # ([String]). Only allow these licenses (optional) # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses - # allow_licenses: GPL 3.0, BSD 3 Clause, MIT + # allow_licenses: GPL-3.0, BSD-3-Clause, MIT # ([String]). Block the pull request on these licenses (optional) # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses - # deny_licenses: LGPL 2.0, BSD 2 Clause + # deny_licenses: LGPL-2.0, BSD-2-Clause ``` For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme). From 221c806c2a538a7cad8ef62b3eaa46f9e771c4a4 Mon Sep 17 00:00:00 2001 
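Review bot: the `fail_on_severity` row in this hunk is now correct about "the specified severity level or higher", but the table still gives no default for an option it marks Optional. The about page in PATCH 07 says the check fails "if it discovers any vulnerable packages" by default, which only holds if the default threshold is the lowest level; state that default in the table so a reader knows what omitting the option means. The `allow_licenses` and `deny_licenses` rows send readers to the Licenses API page for "possible values" without saying which field; the example workflow's comment says `spdx_id`, so the rows should say so too.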
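Review bot: `GPL-3.0, BSD-3-Clause, MIT` and `LGPL-2.0, BSD-2-Clause` are now in SPDX form, which matches the `# Possible values: Any \`spdx_id\` value(s) from https://docs.github.com/en/rest/licenses` comment, but each example should be checked against that page before merging, `LGPL-2.0` in particular, since the comment promises these are values the page lists and a copied value the action does not recognise would leave a licence unblocked without any visible error. The `deny-licences` spelling in the comment just above these lines is still wrong and still disagrees with the `deny_licenses:` key it describes.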
From: Sophie <29382425+sophietheking@users.noreply.github.com> Date: Wed, 15 Jun 2022 14:27:37 +0200 Subject: [PATCH 11/11] Apply suggestions from code review Co-authored-by: Federico Builes --- .../configuring-dependency-review.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index e888c677c1..c18299b4c4 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md @@ -61,13 +61,13 @@ The following configuration options are available. | Option | Required | Usage | |------------------|-------------------------------|--------| -| `fail_on_severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | -| `allow_licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| -| `deny_licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| +| `fail-on-severity` | Optional | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | +| `allow-licenses` | Optional | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| +| `deny-licenses` | Optional | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| {% tip %} -**Tip:** The `allow_licenses` and `deny_licenses` options are mutually exclusive. +**Tip:** The `allow-licenses` and `deny-licenses` options are mutually exclusive. {% endtip %} @@ -90,15 +90,15 @@ jobs: uses: actions/dependency-review-action@v2 with: # Possible values: "critical", "high", "moderate", "low" - fail_on_severity: critical - # You can only can only include one of these two options: `allow_licenses` and `deny-licences` + fail-on-severity: critical + # You can only can only include one of these two options: `allow-licenses` and `deny-licences` # ([String]). Only allow these licenses (optional) # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses - # allow_licenses: GPL-3.0, BSD-3-Clause, MIT + # allow-licenses: GPL-3.0, BSD-3-Clause, MIT # ([String]). Block the pull request on these licenses (optional) # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses - # deny_licenses: LGPL-2.0, BSD-2-Clause + # deny-licenses: LGPL-2.0, BSD-2-Clause ``` For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme).
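Review bot: renaming every option in this table from `fail_on_severity`, `allow_licenses`, `deny_licenses` to the hyphenated `fail-on-severity`, `allow-licenses`, `deny-licenses` reverses the names introduced in PATCH 08, and the example below pins `actions/dependency-review-action@v2`; confirm that the hyphenated names are the inputs that release accepts. This matters more than a normal doc typo: Actions only emits a warning for an unexpected `with:` input, so a misnamed `fail-on-severity` would leave the check running with its default threshold rather than failing loudly. The two licence rows also still point at the Licenses API page without naming the `spdx_id` field the example comment relies on.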
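Review bot: the comment `# You can only can only include one of these two options: \`allow-licenses\` and \`deny-licences\`` still has the duplicated "can only" and still misspells the second key, which appears as `# deny-licenses:` two lines further down; anyone copying the comment's spelling gets an input the action will not recognise and, as noted on the table hunk, only a warning rather than a failure. Suggest `# You can only include one of these two options: \`allow-licenses\` and \`deny-licenses\``.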