docs/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md
2025-04-10 12:06:01 +00:00

title: Configuring dependency review for your appliance
shortTitle: Configuring dependency review
intro: To help users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.product.prodname_ghe_server %}.
product: {% data reusables.gated-features.dependency-review %}
versions: ghes: *
type: how_to
topics: Advanced Security, Enterprise, Dependency review, Security
redirect_from: /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance

About dependency review

{% data reusables.dependency-review.feature-overview %}

Some additional features, such as license checks, blocking of pull requests, and CI/CD integration, are available with the dependency review action.

Checking whether your license includes {% data variables.product.prodname_AS %}

{% data reusables.advanced-security.check-for-ghas-license %}

Prerequisites for dependency review

  • A license for {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} or {% endif %}{% data variables.product.prodname_GHAS %} (see AUTOTITLE).

  • The dependency graph enabled for the instance. Site administrators can enable the dependency graph via the management console or the administrative shell (see AUTOTITLE).

  • {% data variables.product.prodname_github_connect %} enabled to download and synchronize vulnerabilities from the {% data variables.product.prodname_advisory_database %}. This is usually configured as part of setting up {% data variables.product.prodname_dependabot %} (see AUTOTITLE).

Enabling and disabling dependency review

To enable or disable dependency review, you need to enable or disable the dependency graph for your instance.

For more information, see AUTOTITLE.

Running dependency review using {% data variables.product.prodname_actions %}

{% data reusables.dependency-review.dependency-review-action-beta-note %}

The dependency review action is included in your installation of {% data variables.product.prodname_ghe_server %}. It is available for all repositories that have {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} or {% endif %}{% data variables.product.prodname_GHAS %} and dependency graph enabled.

{% data reusables.dependency-review.dependency-review-action-overview %}

Users run the dependency review action using a {% data variables.product.prodname_actions %} workflow. If you have not already set up runners for {% data variables.product.prodname_actions %}, you must do this to enable users to run workflows. You can provision self-hosted runners at the repository, organization, or enterprise account level. For information, see AUTOTITLE and AUTOTITLE.