Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency review enforcement (Cloud beta) #149

Closed
github-product-roadmap opened this issue Jan 13, 2021 · 1 comment
Closed

Dependency review enforcement (Cloud beta) #149

github-product-roadmap opened this issue Jan 13, 2021 · 1 comment
Labels
cloud Available on Cloud GitHub Advanced Security (GHAS) Product SKU: GitHub Advanced Security preview Feature phase: Preview shipped Shipped

Comments

@github-product-roadmap
Copy link
Collaborator

github-product-roadmap commented Jan 13, 2021
edited
Loading

Summary

This feature will prevent users from accidentally checking in dependencies which include vulnerabilities.

Intended Outcome

Users cannot introduce vulnerable dependencies to their projects accidentally.

How will it work?

More details will be available as the feature is developed, but in general, we will block a pull request which includes vulnerable dependencies so that the developer must triage the problem and make a decision as to how they would like to proceed.
@github github locked and limited conversation to collaborators Jan 13, 2021
@github-product-roadmap github-product-roadmap added preview Feature phase: Preview cloud Available on Cloud GitHub Advanced Security (GHAS) Product SKU: GitHub Advanced Security security & compliance server Available on Server labels Jan 13, 2021
@Sid-ah Sid-ah removed the tpm staffed label Jun 9, 2021
@Sid-ah Sid-ah moved this from Q2 2022 – Apr-Jun to Q1 2022 – Jan-Mar in GitHub Public Roadmap Oct 8, 2021
@Sid-ah Sid-ah moved this to Q1 2022 – Jan-Mar in GitHub Public Roadmap Oct 8, 2021
@github-product-roadmap github-product-roadmap changed the title Dependency review enforcement (Beta) Dependency review enforcement (Cloud beta) Nov 9, 2021
@github-product-roadmap github-product-roadmap removed the server Available on Server label Nov 9, 2021
@spaltrowitz spaltrowitz added the shipped Shipped label Apr 6, 2022
@spaltrowitz
Copy link

spaltrowitz commented Apr 6, 2022
edited
Loading

this has shipped! https://github.blog/changelog/2022-04-06-github-action-for-dependency-review-enforcement/

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
cloud Available on Cloud GitHub Advanced Security (GHAS) Product SKU: GitHub Advanced Security preview Feature phase: Preview shipped Shipped
Projects
GitHub Public Roadmap
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Sid-ah @github-product-roadmap @spaltrowitz