Merge pull request #534 from rajbos/main

Make GHES support / setup more clear

README.md

@@ -1,4 +1,4 @@
-# dependency-review-action
+ # dependency-review-action
 
 This action scans your pull requests for dependency changes, and will
 raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions on your default branch.
@@ -43,7 +43,7 @@ This action is available in Enterprise Server starting with version 3.6. Make su
 Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
 and [GitHub
 Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
-are enabled.
+are enabled, and that you have installed the [dependency-review-action](https://github.com/actions/dependency-review-action) on the server.
 
 You can use the same workflow as above, replacing the `runs-on` value
 with the label of any of your runners (the default label
@@ -144,7 +144,7 @@ For more examples of how to use this action and its configuration options, see t
 
 ### Considerations
 
-- Checking for licenses is not supported on Enterprise Server.
+- Checking for licenses is not supported on Enterprise Server as the API does not return license information.
 - The action will only accept one of the two `license` parameters; an error will be raised if you provide both.
 - We don't have license information for all of your dependents. If we can't detect the license for a dependency **we will inform you, but the action won't fail**.