From 1eb83b5560fe4d1c2c0d9592d2722280f675ec91 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Fri, 15 Mar 2024 11:22:32 -0500 Subject: [PATCH] Update README.md minor text clarifications to keep consistent with wording in [the docs](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e47a40c6b..50270d9f2 100644 --- a/README.md +++ b/README.md 
@@ -77,7 +77,7 @@ Configure this action by either inlining these options in your workflow file, or | `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` | | `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none | | `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none | -| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `always`, `on-failure`, `never` | `never` | +| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job the `pull-requests: write` permission. | `always`, `on-failure`, `never` | `never` | | `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty | | `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty | | `retry-on-snapshot-warnings`\* | Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete. | `true`, `false` | `false` | 
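Review bot: "If enabled" in the new `comment-summary-in-pr` wording is still ambiguous, because the option is not a boolean: its accepted values are `always`, `on-failure` and `never`. Since this PR is already tightening the sentence, consider "If set to `always` or `on-failure`, you must give the workflow or job the `pull-requests: write` permission." so the reader knows exactly which values require the extra permission grant. Minor, in the unchanged rows: the default for `allow-dependencies-licenses` is written as `none` while `deny-packages` and `deny-groups` use `empty`; picking one term for "no packages configured" would keep the table consistent.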
@@ -152,7 +152,7 @@ For more examples of how to use this action and its configuration options, see t ### Considerations - Checking for licenses is not supported on Enterprise Server as the API does not return license information. -- The action will only accept one of the two `license` parameters; an error will be raised if you provide both. +- The `allow-licenses` and `deny-licenses` options are mutually exclusive; an error will be raised if you provide both. - We don't have license information for all of your dependents. If we can't detect the license for a dependency **we will inform you, but the action won't fail**. ## Blocking pull requests
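Review bot: the unchanged bullet right below the edited line reads "We don't have license information for all of your dependents"; it should say "dependencies", since the action inspects the packages the PR depends on, not the packages that depend on it. Worth fixing in the same wording-consistency PR. Also, naming `allow-licenses` and `deny-licenses` explicitly is an improvement over "the two `license` parameters", but the table above also lists `allow-dependencies-licenses`; a short clause stating that this third option may be combined with either of the two would pre-empt the obvious follow-up question about whether the mutual exclusion applies to it as well.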