From 9004fa5687b572229bb995136a3b3b824d2e7a19 Mon Sep 17 00:00:00 2001 From: Rishi Verma Date: Wed, 3 Jul 2024 17:35:31 -0700 Subject: [PATCH] Wording updates from PR review --- .../security/dependency-vulnerability-scanning/README.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/guides/software-lifecycle/security/dependency-vulnerability-scanning/README.mdx b/docs/guides/software-lifecycle/security/dependency-vulnerability-scanning/README.mdx index 256001067..2637c8555 100644 --- a/docs/guides/software-lifecycle/security/dependency-vulnerability-scanning/README.mdx +++ b/docs/guides/software-lifecycle/security/dependency-vulnerability-scanning/README.mdx @@ -84,9 +84,10 @@ The below steps, once enacted, will ensure that any local `git commit` actions t 4. Grype-based vulnerability scanning should run every time a `git commit` is invoked. The commit will be blocked if CRITICAL level vulnerabilities are found and will ask the developer to fix them prior to committing. ### Step 3: Set Up Automated Repository Scanning -- **GitHub**: - - We recommend installing the official Grype GitHub action to set up automated dependency vulnerability scanning. Available [at this link](https://github.com/marketplace/actions/anchore-container-scan). - - We also recommend setting up GitHub's official Dependabot action to also look for vulnerabilities. See our [GitHub Security Guide](/docs/guides/software-lifecycle/security/github-security) on this. + +For GitHub users, we recommend: + - Installing the official Grype GitHub action to set up automated dependency vulnerability scanning. The tool is available [at this link](https://github.com/marketplace/actions/anchore-container-scan). + - Setting up GitHub's official Dependabot action to also look for vulnerabilities. See our [GitHub Security Guide](/docs/guides/software-lifecycle/security/github-security) on this. ---
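Review bot: the two new items under "For GitHub users, we recommend:" keep the two-space indentation they had as nested bullets under the removed `- **GitHub**:` line, so they are now indented sub-items with no parent; drop the leading spaces so they render as a plain list directly under the intro sentence (` - Installing the official Grype GitHub action ...` becomes `- Installing the official Grype GitHub action ...`). Two wording points in the same hunk: "to also look for vulnerabilities" still carries the redundant "also" that the rewrite was meant to smooth (consider "to look for vulnerabilities as well"), and the link text "at this link" is non-descriptive; naming the action, which the URL slug `anchore-container-scan` already identifies, would make the link self-explanatory.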