docs/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md
2025-02-25 17:27:55 +00:00


---
title: Enforcing dependency review across an organization
intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment. You can enforce the use of the {% data variables.dependency-review.action_name %} across your organization.'
shortTitle: Enforce dependency review
permissions: '{% data reusables.permissions.security-org-enable %}'
versions:
  fpt: '*'
  ghec: '*'
  ghes: '*'
type: overview
topics:
  - Advanced Security
  - Dependency review
  - Vulnerabilities
  - Dependencies
  - Pull requests
---

## About dependency review enforcement

{% data reusables.dependency-review.action-enterprise %}

{% data reusables.dependency-review.about-dependency-review-action %} For more information, see AUTOTITLE.

You can enforce the use of the {% data variables.dependency-review.action_name %} in your organization by setting up a repository ruleset that will require the dependency-review-action workflow to pass before pull requests can be merged. Repository rulesets are rule settings that allow you to control how users can interact with selected branches and tags in your repositories. For more information, see AUTOTITLE and Require workflows to pass before merging.

## Prerequisites

You need to add the {% data variables.dependency-review.action_name %} to one of the repositories in your organization, and configure the action. For more information, see Configuring the dependency review action.
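As an added illustration (not part of the GitHub Docs page), this is the kind of workflow file the ruleset later requires: it runs the {% data variables.dependency-review.action_name %} on every pull request and fails the check when a newly introduced dependency has a known vulnerability. The file path, severity threshold and comment setting are assumptions; adjust them to your organization's policy.

```yaml
# Added example, not from the GitHub Docs page. Assumed location:
# .github/workflows/dependency-review.yml on the default branch of the
# repository you select in the "Add required workflow" dialog.
name: Dependency review

on:
  # A required workflow can only gate a pull request if it actually runs on
  # the pull_request event; without this trigger the check never reports.
  pull_request:

permissions:
  contents: read
  pull-requests: write   # only needed for comment-summary-in-pr

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Dependency review
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check, and so block the merge once the ruleset is active,
          # for any added dependency with a vulnerability at or above this
          # severity. Assumed policy value; tune to your risk appetite.
          fail-on-severity: moderate
          # Post the findings as a pull request comment so reviewers can see
          # exactly which dependency blocked the merge.
          comment-summary-in-pr: always
```

Because the ruleset identifies the workflow by repository, branch and file path, keep this file at a stable path and on the branch you pick in the dialog; renaming or moving it later breaks the required check for every targeted repository.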

## Enforcing dependency review for your organization

{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.access-ruleset-settings %}

1. Click **New branch ruleset**.
1. Set **Enforcement status** to {% octicon "play" aria-hidden="true" %} **Active**.
1. Optionally, you can target specific repositories in your organization. For more information, see Choosing which repositories to target in your organization.
1. In the "Rules" section, select the **Require workflows to pass before merging** option.
1. In "Workflow configurations", click **Add workflow**.
1. In the dialog, select the repository that you added the {% data variables.dependency-review.action_name %} to. For more information, see Prerequisites.
1. Select a branch and the workflow file for dependency review in the enhanced dialog.

   Screenshot of the "Add required workflow" dialog. You need to specify a repository, branch, and workflow.

1. Click **Create**.