Clarify GitHub Enterprise Server support #533
Comments
@rajbos The Dependency Review API does not return license information for packages in GHES, only vulnerabilities will be caught. This is something we've raised before, and I hope there's a better Enterprise Server story in the future. Closing this issue, please re-open if needed.
@febuiles, understandable. I do still want to address that the README mentions that the action is available from GHES 3.6 and upwards, but it is not synced on to the appliance on any of our environments, so I think that statement is incorrect. If anyone from GitHub can clarify if they are including it on GHES 3.9 for example, then we can add that to the README.
@rajbos My understanding is that Dependency Review is not part of the Actions that are synced by default on GHES. We do have regular installation instructions already in the README, but that document is very long and needs some love. If you have specific suggestions on how to improve our existing instructions please open a PR or share your thoughts here and I'll get our docs updated!
I've created #534 to clarify the language in the README with the missing parts that confused me initially.
It says in the readme here that this action is available in Enterprise Server starting with 3.6. We are running 3.8.2 and the action is not synced onto the appliance by default. We do have GitHub Connect enabled.
I've synced the action manually to another org on the same server for testing, and it works for incoming dependencies, including vulnerability scanning.
It does not seem to be able to pick up the licenses for the packages though. Could this be because we have Artifactory in front of our npm setup? The `license` field stays empty: