diff --git a/README.md b/README.md index f970d1c..e733fec 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ You may find it useful to fork this repository, which will allow you to follow t Note that GitHub Actions workflows are not automatically enabled for repository forks. To start the process, you'll need to: 1. Fork the repository -2. Navigate to "Settings -> Code security and analysis" to enable Dependency graph and Dependabot alerts (see below) +2. Navigate to "Settings -> Advanced Security" and enable Dependency graph and Dependabot alerts (see below) 3. Navigate to the "Actions" tab to enable GitHub Actions workflows 4. Push a commit to the 'main' branch in order to trigger the initial `dependency-submission` workflow to run. A change to the README will be sufficient. @@ -17,7 +17,7 @@ In order to receive alerts about any vulnerable dependencies for this repository 1. **Dependency graph and Dependabot alerts are enabled** -image +image 2. **A simple `dependency-submission` workflow is configured to run on any push to the `main` branch** @@ -38,13 +38,12 @@ You can view all of these dependencies, and search for a particular dependency [ Note that all dependencies reported by the action will be tagged with Detected by **GitHub Dependency Graph Gradle Plugin**. - # Viewing vulnerabilities reported for this repository -After executing the `dependency-submission` workflow, the repository has 5 current Dependabot alerts for vulnerable dependencies. +After executing the `dependency-submission` workflow, the repository has several current Dependabot alerts for vulnerable dependencies. These are not publicly visible in the repo, but here is the list: -image +image # Fixing dependency vulnerabilities
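Review bot: Step 2 of the fork instructions (first hunk) still hardcodes a settings menu label, now "Settings -> Advanced Security", which is the same kind of string this change had to correct from "Settings -> Code security and analysis". Consider leading with what must be enabled (Dependency graph and Dependabot alerts) and giving the menu path as a hint, or linking to the GitHub documentation for those settings, so the step survives the next rename. As a smaller style point, step 4 in the same list writes 'main' in single quotes while the following section writes `main` in backticks; pick one.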
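Review bot: In the second hunk, the screenshot under "Dependency graph and Dependabot alerts are enabled" appears as just "image" on both the removed and the added line, so the replacement keeps a placeholder description. Since this picture is the only illustration of which settings must be switched on, give it descriptive alt text (for example, that it shows Dependency graph and Dependabot alerts enabled) so the step is still understandable when the image does not load or is read by a screen reader.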
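Review bot: In the third hunk, under "Viewing vulnerabilities reported for this repository", replacing "5" with "several" removes the stale count, but the line "These are not publicly visible in the repo, but here is the list:" is still followed only by a screenshot, which will go out of date the same way the number did. Because readers cannot see the alerts themselves, consider listing the affected dependencies as text, or stating the date the screenshot was taken, so it is clear the list is a snapshot and may differ from what a fresh fork reports.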