From ab545d57a2af54fbd611925705d008cf914cc480 Mon Sep 17 00:00:00 2001 From: Aleksander Fidelus Date: Tue, 28 Nov 2023 21:25:00 +0100 Subject: [PATCH] Cleanup --- content/questions/advanced_security/question-025.md | 2 +- content/questions/advanced_security/question-026.md | 7 +++---- content/questions/advanced_security/question-027.md | 1 - 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/content/questions/advanced_security/question-025.md b/content/questions/advanced_security/question-025.md index d03a7439..1053865a 100644 --- a/content/questions/advanced_security/question-025.md +++ b/content/questions/advanced_security/question-025.md @@ -9,4 +9,4 @@ draft: false > https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#dependency-graph-availability 1. [x] Yes, it's available for free for all repositories. 1. [ ] No, it's available for free for public repositories only. Private repositories can use it if they have the GitHub Advanced Security license. -1. [ ] No, it's not available for free to any repositories, GitHub Dependency graps is a paid feature that comes with the GitHub Advanced Security license +1. [ ] No, it's not available for free to any repositories, GitHub Dependency graph is a paid feature that comes with the GitHub Advanced Security license diff --git a/content/questions/advanced_security/question-026.md b/content/questions/advanced_security/question-026.md index 6de044aa..7ac9f626 100644 --- a/content/questions/advanced_security/question-026.md +++ b/content/questions/advanced_security/question-026.md @@ -1,7 +1,7 @@ --- archetype: "questions" title: "Question 026" -question: "How does GitHub Dependency graph know which dependencies/packages Your project is using? (Choose two.)" +question: "How does GitHub Dependency graph know what dependencies Your project is using? (Choose two.)" draft: false --- @@ -10,7 +10,6 @@ draft: false > https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems - [x] GitHub derives dependencies automatically from manifests and lock files commited to the repository -- [x] You can add dependencies using the Dependency submission API +- [x] Dependencies can be manually added using the Dependency submission API - [ ] GitHub scans the repository code for import statements of external packages -- [ ] You can add a GitHub Actions workflow using with the official `actions/dependency-graph` GitHub Action to add dependencies to the graph whenever a new commit is pushed to the repository -> There is no such GitHub Action as `actions/dependency-graph` +- [ ] It's required to add a GitHub Actions workflow that uses the official `actions/dependency-graph` GitHub Action to add dependencies to the graph whenever a new commit is pushed to the repository diff --git a/content/questions/advanced_security/question-027.md b/content/questions/advanced_security/question-027.md index 05402475..e92c6372 100644 --- a/content/questions/advanced_security/question-027.md +++ b/content/questions/advanced_security/question-027.md @@ -13,4 +13,3 @@ draft: false - [ ] When your repository publishes a new release - [ ] When your repository publishes a new git tag - [ ] When the GitHub Actions workflow that uses the `actions/dependency-graph` GitHub Action is triggered -> There is no such GitHub Action.