You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
+9-9
Original file line number
Diff line number
Diff line change
@@ -85,17 +85,17 @@ The best practices you should take will depend on whether you use {% data variab
85
85
### Using GitHub Actions to access the dependency submission API and the dependency review API
86
86
87
87
If you use {% data variables.product.prodname_actions %} to access the dependency submission API or the dependency review API:
88
-
* Make sure you run all of your dependency submission actions in the same {% data variables.product.prodname_actions %} workflow as your {% data variables.dependency-review.action_name %}. This will give you control over the order of execution, and it will ensure that dependency review will always work.
89
-
* If you do choose to run the {% data variables.dependency-review.action_name %} separately, for instance, as a required workflow, you should:
90
-
+ Set `retry-on-snapshot-warnings` to `true`.
91
-
+ Set `retry-on-snapshot-warnings-timeout` to slightly exceed the typical run time (in seconds) of your longest-running dependency submission action.
88
+
- Make sure you run all of your dependency submission actions in the same {% data variables.product.prodname_actions %} workflow as your {% data variables.dependency-review.action_name %}. This will give you control over the order of execution, and it will ensure that dependency review will always work.
89
+
- If you do choose to run the {% data variables.dependency-review.action_name %} separately, for instance, as a required workflow, you should:
90
+
- Set `retry-on-snapshot-warnings` to `true`.
91
+
- Set `retry-on-snapshot-warnings-timeout` to slightly exceed the typical run time (in seconds) of your longest-running dependency submission action.
92
92
93
93
### Using direct API access to the dependency submission API and the dependency review API
94
94
95
95
If you don’t use {% data variables.product.prodname_actions %}, and your code relies on direct access to the dependency submission API and the dependency review API:
96
-
* Make sure you run the code that calls the dependency submission API first, and then run the code that calls the dependency review API afterwards.
97
-
* If you do choose to run the code for the dependency submission API and the dependency review API in parallel, you should implement a retry logic and note the following:
98
-
+ When there are snapshots missing for either side of the comparison, you will see an explanation for that in the `x-github-dependency-graph-snapshot-warnings` header (as a base64-encoded string). Therefore, if the header is non-empty, you should consider retrying.
99
-
+ Implement a retry logic with exponential backoff retries.
100
-
+ Implement a reasonable number of retries to account for the typical runtime of your dependency submission code.
96
+
- Make sure you run the code that calls the dependency submission API first, and then run the code that calls the dependency review API afterwards.
97
+
- If you do choose to run the code for the dependency submission API and the dependency review API in parallel, you should implement a retry logic and note the following:
98
+
- When there are snapshots missing for either side of the comparison, you will see an explanation for that in the `x-github-dependency-graph-snapshot-warnings` header (as a base64-encoded string). Therefore, if the header is non-empty, you should consider retrying.
99
+
- Implement a retry logic with exponential backoff retries.
100
+
- Implement a reasonable number of retries to account for the typical runtime of your dependency submission code.
0 commit comments