Note: Dependency review is currently in beta and subject to change.
About dependency review
Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:
- Which dependencies were added, removed, or updated, along with the release dates.
- How many projects use these components.
- Vulnerability data for these dependencies.
For more information, see "About dependency review" and "Reviewing dependency changes in a pull request."
About configuring dependency review
Dependency review is available when dependency graph is enabled for your GitHub Enterprise Server instance and Advanced Security is enabled for the organization or repository. For more information, see "Enabling GitHub Advanced Security for your enterprise."
Checking if the dependency graph is enabled
- On your GitHub Enterprise Server instance, navigate to the main page of the repository.
- Under your repository name, click Settings.
- In the left sidebar, click Security & analysis.
- Under "Configure security and analysis features", check if the dependency graph is enabled.
- If dependency graph is enabled, click Enable next to "GitHub Advanced Security" to enable Advanced Security, including dependency review. The enable button is disabled if your enterprise has no available licenses for Advanced Security.