From f3d3fe46d98a91ef33deedb4c6f255fa7e4a233b Mon Sep 17 00:00:00 2001 From: Tom Tresansky Date: Fri, 29 Aug 2025 11:10:17 -0400 Subject: [PATCH 1/4] Updates settings navigation instruction Corrects the navigation path for enabling Dependency graph and Dependabot alerts, pointing to "Settings -> Advanced Security" instead of the previous location. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f970d1c..f68d7f0 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ You may find it useful to fork this repository, which will allow you to follow t Note that GitHub Actions workflows are not automatically enabled for repository forks. To start the process, you'll need to: 1. Fork the repository -2. Navigate to "Settings -> Code security and analysis" to enable Dependency graph and Dependabot alerts (see below) +2. Navigate to "Settings -> Advanced Security" and enable Dependency graph and Dependabot alerts (see below) 3. Navigate to the "Actions" tab to enable GitHub Actions workflows 4. Push a commit to the 'main' branch in order to trigger the initial `dependency-submission` workflow to run. A change to the README will be sufficient. From 70eb790cd23df267516ededad435e488290464e0 Mon Sep 17 00:00:00 2001 From: Tom Tresansky Date: Fri, 29 Aug 2025 11:15:09 -0400 Subject: [PATCH 2/4] Update image in README for dependency alerts Updated image source for dependency alerts section. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f68d7f0..2b3cb08 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ In order to receive alerts about any vulnerable dependencies for this repository 1. **Dependency graph and Dependabot alerts are enabled** -image +image 2. **A simple `dependency-submission` workflow is configured to run on any push to the `main` branch** From 2df97ec93e68e06a7a4e66f6db7110fd182cd594 Mon Sep 17 00:00:00 2001 
From: Tom Tresansky Date: Tue, 2 Sep 2025 06:34:19 -0400 Subject: [PATCH 3/4] Update image link for Dependabot alerts section --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b3cb08..d730ceb 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Note that all dependencies reported by the action will be tagged with Dete After executing the `dependency-submission` workflow, the repository has 5 current Dependabot alerts for vulnerable dependencies. These are not publicly visible in the repo, but here is the list: -image +image # Fixing dependency vulnerabilities From 4a73805eb0dde1e10cf487a545baf4558ecb42ff Mon Sep 17 00:00:00 2001 From: Tom Tresansky Date: Tue, 2 Sep 2025 06:47:13 -0400 Subject: [PATCH 4/4] Tweak text - there are currently 6 reports (and may be more in the future) so don't say 5 --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index d730ceb..e733fec 100644 --- a/README.md +++ b/README.md @@ -38,10 +38,9 @@ You can view all of these dependencies, and search for a particular dependency [ Note that all dependencies reported by the action will be tagged with Detected by **GitHub Dependency Graph Gradle Plugin**. - # Viewing vulnerabilities reported for this repository -After executing the `dependency-submission` workflow, the repository has 5 current Dependabot alerts for vulnerable dependencies. +After executing the `dependency-submission` workflow, the repository has several current Dependabot alerts for vulnerable dependencies. These are not publicly visible in the repo, but here is the list: image
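Review bot: In PATCH 1/4 (README.md, @@ -7,7 +7,7 @@), step 2 still depends on a hard-coded settings menu label, which is exactly what went stale and made this fix necessary. Consider wording the step around the two features to turn on (Dependency graph and Dependabot alerts) and linking GitHub's documentation for enabling them, so the instruction survives the next menu rename. The README context in PATCH 2/4 lists these settings as the first prerequisite for receiving alerts, so a reader who cannot find them will run the `dependency-submission` workflow and see nothing.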
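Review bot: In PATCH 2/4 (README.md, @@ -17,7 +17,7 @@), the image under "Dependency graph and Dependabot alerts are enabled" is labelled only "image" on both the removed and the added line. Give it descriptive alt text, for example "Dependency graph and Dependabot alerts enabled under Settings -> Advanced Security", so the step stays readable when the image does not load. The same point applies to the image replaced in PATCH 3/4 (@@ -44,7 +44,7 @@).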
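Review bot: In PATCH 4/4 (README.md, @@ -38,10 +38,9 @@), the sentence now says "several current Dependabot alerts", but the following context line still reads "here is the list:" above a fixed screenshot, which shows one specific set of alerts and will drift again as new advisories are published. Suggest framing the screenshot as a snapshot, for example "here is the list at the time of writing:". The hunk also deletes a blank line before "# Viewing vulnerabilities reported for this repository", which the commit message does not mention; confirm that whitespace change is intentional.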