
Configure dependency review for vulnerability severity and license type

The Dependency Review GitHub Action, which checks if pull requests introduce a dependency with a known vulnerability, now supports configuration based on vulnerability severity and license type.

The following configuration options are available:

  • fail-on-severity: the action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher
  • allow-licenses: the action will fail on pull requests that introduce dependencies with licenses that do not match the list
  • deny-licenses: the action will fail on pull requests that introduce dependencies with licenses that match the list
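As an added illustration (not part of the original announcement and not taken from the action's own documentation), here is a pull-request workflow that wires up the three options listed above. The version tags on the two actions are placeholders, and the license lists are assumed to use SPDX identifiers; both are assumptions, not facts stated on this page.

```yaml
# Added example workflow, not from the original page.
# Assumptions: actions/dependency-review-action is the action referenced above,
# the @vN version tags are placeholders, and license lists use SPDX identifiers.
name: Dependency review

on:
  pull_request:

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the pull request
        uses: actions/checkout@v3   # version tag is a placeholder

      - name: Review dependencies introduced by this pull request
        uses: actions/dependency-review-action@v2   # version tag is a placeholder
        with:
          # Fail the check when a newly introduced dependency carries a known
          # vulnerability rated "moderate" or higher. Findings rated "low" are
          # still reported but do not block the merge.
          fail-on-severity: moderate

          # Allow-list: any new dependency whose license is not in this list
          # fails the check. The list is a constructed sample.
          allow-licenses: MIT, Apache-2.0, BSD-3-Clause

          # Alternative deny-list form (use one of allow-licenses or
          # deny-licenses, not both): fail only on the listed licenses.
          # deny-licenses: GPL-3.0, AGPL-3.0
```

Because the action only looks at dependencies that the pull request adds or changes, an existing dependency with a denied license or a high-severity advisory does not cause a failure on its own; the check blocks the regression, not the baseline.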

The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.

Learn more about dependency review enforcement.
Learn more about configuring the Dependency Review GitHub Action.

Back in March, we introduced a new "For you" feed in Public Beta, to help you discover interesting projects across GitHub. Today, we are sharing a few updates to this beta.

  • Users can now filter the feed based on content types: for instance, someone might only want to see announcements and releases on their feed, while another person might want to see everything but releases.
  • Similar events are now grouped (rolled up). For instance, if a person is starring multiple repositories, the feed will display a group of "starred" activities.
  • Feed contents are now paginated.
  • Merged Pull Requests in public repositories will now also be displayed on the feed.

For questions or feedback, visit the GitHub Feed feedback.
