Back to changelog

Release

November 14, 20221 minute read

Dependency review API is generally available with updates to dependency review enforcement

The dependency review API is now generally available.

The Dependency Review GitHub Action now allows you to reference a local or external configuration file. There are also new configuration options:

fail-on-scopes: contains a list of strings representing the build environments you want to support (development, runtime, unknown). The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list
allow-ghsas: contains a list of GitHub Security Advisory IDs that can be skipped during detection
license-check and vulnerability-check: a boolean option that allows you disable either one of the checks

Learn more about the dependency graph and dependency review

Related Posts

MAY.7Improvement
Repository rulesets: User bypass and branch renaming
- Platform Governance
APR.16Improvement
Rule insights dashboard and unified filter bar
- Platform Governance
APR.9Improvement
New Low Quality option in the Hide comment menu
- Platform Governance
FEB.17Improvement
Custom properties and rule insights improvements
- Platform Governance
SEP.10Improvement
GitHub ruleset exemptions and repository insights updates
- Platform Governance
SEP.1Improvement
GraphQL API resource limits
- Platform Governance
JUL.21Improvement
Including timeouts in primary rate limits
- Platform Governance
APR.22Improvement
Updates to security configuration settings for customers in existing grace periods
- Platform Governance
APR.9Improvement
Push rule delegated bypass and custom property regex support are generally available and repository policy delegated bypass is in preview
- Platform Governance

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

Dependency review API is generally available with updates to dependency review enforcement - GitHub Changelog