policy name: ghas_dependency_review_not_enabled
severity: MEDIUM
Enable GitHub Advanced Security dependency review to avoid introducing new vulnerabilities and detect newly discovered vulnerabilities in existing packages.
A contributor may add vulnerable third-party dependencies to the repository, introducing vulnerabilities to your application that will only be detected after merge.
- Make sure you have admin permissions
- Go to the repo's settings page
- Open the "Code security and analysis" tab
- Set "Dependency graph" to Enabled
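The settings steps above enable the dependency graph, which is the prerequisite; enforcing dependency review on every pull request is done with GitHub's `actions/dependency-review-action`. The workflow below is an added example, not part of this policy page; it assumes the repository uses GitHub Actions with a `main` branch, and the severity and license thresholds are illustrative.

```yaml
# Added example: a pull-request workflow running GitHub's dependency review action.
# Assumes the dependency graph is enabled (see the steps above) and that the
# repository uses GitHub Actions; the thresholds below are illustrative.
name: Dependency review

on:
  pull_request:
    branches: [main]

permissions:
  contents: read          # read the manifests changed in the pull request
  pull-requests: write    # only needed for comment-summary-in-pr

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the pull request
        uses: actions/checkout@v4

      - name: Review dependency changes introduced by this pull request
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check when an added or upgraded package has a known
          # advisory at or above this severity (low, moderate, high, critical).
          fail-on-severity: high
          # Block packages under licenses the project does not accept (illustrative list).
          deny-licenses: GPL-3.0, AGPL-3.0
          # Post the findings as a PR comment so reviewers see them before merge.
          comment-summary-in-pr: always
```

Make the `dependency-review` job a required status check in branch protection so a pull request that introduces a vulnerable package cannot be merged.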