
Configuring dependency review for your appliance

You can enable, configure, and disable dependency review for your GitHub Enterprise Server instance so that users can understand dependency changes when they review pull requests.

Dependency review is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About dependency review

Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:

  • Which dependencies were added, removed, or updated, along with the release dates.
  • How many projects use these components.
  • Vulnerability data for these dependencies.

Some additional features, such as license checks, blocking of pull requests, and CI/CD integration, are available with the dependency review action.

Checking whether your license includes GitHub Advanced Security

You can identify if your enterprise has a GitHub Advanced Security license by reviewing your enterprise settings. For more information, see "Enabling GitHub Advanced Security for your enterprise."

Prerequisites for dependency review

Enabling and disabling dependency review

To enable or disable dependency review, you need to enable or disable the dependency graph for your instance.

For more information, see "Enabling the dependency graph for your enterprise."

Running dependency review using GitHub Actions

Note: The dependency review action is currently in public beta and subject to change.

The dependency review action is included in your installation of GitHub Enterprise Server. It is available for all repositories that have GitHub Advanced Security and dependency graph enabled.

The dependency review action scans your pull requests for dependency changes and raises an error if any new dependencies have known vulnerabilities. The action is supported by an API endpoint that compares the dependencies between two revisions and reports any differences.

For more information about the action and the API endpoint, see the dependency-review-action documentation, and "Dependency review" in the API documentation.

Users run the dependency review action using a GitHub Actions workflow. If you have not already set up runners for GitHub Actions, you must do this to enable users to run workflows. You can provision self-hosted runners at the repository, organization, or enterprise account level. For information, see "About self-hosted runners" and "Adding self-hosted runners."
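The following workflow is an added example of how a repository can run the dependency review action on pull requests; it is not taken from this page or from the dependency-review-action project's own documentation. It assumes GitHub Advanced Security and the dependency graph are enabled on the instance, a runner is provisioned, and the bundled action is referenced as `actions/dependency-review-action` (the version tag, the `self-hosted` label, the severity threshold and the denied license list are placeholders to adjust for your instance).

```yaml
# Added example workflow (not from the GitHub docs or the action's repository).
# Assumptions: GHAS and dependency graph enabled, a runner available, and the
# bundled action reachable as actions/dependency-review-action; the version
# tag below is a placeholder, pin it to what your instance ships.
name: Dependency review

on:
  pull_request:
    branches: [main]

# Least privilege: the action only needs read access to repository contents.
# pull-requests: write is needed only because comment-summary-in-pr is enabled.
permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: self-hosted   # replace with a runner label configured on your instance
    steps:
      - name: Check out the pull request head
        uses: actions/checkout@v4

      - name: Compare dependencies between base and head revisions
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check when a newly added dependency has a known
          # vulnerability at or above this severity (low|moderate|high|critical).
          fail-on-severity: high
          # Block newly introduced dependencies under licenses the
          # organization does not accept (SPDX identifiers, comma separated).
          deny-licenses: GPL-3.0, AGPL-3.0
          # Post the dependency diff as a pull request comment.
          comment-summary-in-pr: always
```

With a required status check on the `dependency-review` job, a pull request that adds a dependency with a known vulnerability at or above the configured severity, or under a denied license, cannot be merged until the change is revised.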