Commit 6bb27d3

Update customizing-your-dependency-review-action-configuration.md

According to the Dependency review action docs, this is already deprecated and might be removed:

> ⚠️ This option is deprecated for possible removal in the next major release. See [Deprecate the deny-licenses option #938](actions/dependency-review-action#938) for more information. <br> Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list.

Ref. section https://github.com/actions/dependency-review-action/blob/main/README.md#configuration
1 parent 3b4c57b commit 6bb27d3

File tree

1 file changed

+0
-2
lines changed

content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md

Lines changed: 0 additions & 2 deletions
@@ -140,8 +140,6 @@ When customizing your dependency review configuration, there are some best pract
140140

141141
* Choose block lists over allow lists. It is more practical to compile a list of the "really bad" dependencies you want to block than to create an inclusive list of all the libraries you want to allow.
142142

143-
* Choose to block licenses instead of specifying which licenses to allow. There are a wide variety of licenses out there, so it's usually more practical to exclude those you know are incompatible with current licenses than it is to compile a complete list of compatible licenses.
144-
145143
* Choose `fail-on-severity`. Failing based on the severity of a vulnerability is a good way to balance the need for security with the need to create low-friction experiences for developers.
146144

147145
## Further reading
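Review bot: Deleting the license bullet at old line 143 leaves the best-practices list with no guidance on licenses at all, even though the commit message says `deny-licenses` is only deprecated for "possible removal in the next major release", not gone. Readers who already run `deny-licenses` get no pointer to the deprecation or to what they should migrate to. Consider replacing the bullet with one that states the option is deprecated and links the referenced issue (actions/dependency-review-action#938), rather than removing it silently. Also, the surviving bullet at line 141, "Choose block lists over allow lists", reads as a general rule; since the license block list is exactly what is being deprecated, it would be clearer to scope that bullet to dependencies/packages explicitly. Finally, does the rest of this file (the configuration reference above the @@ -140 hunk) still document `deny-licenses`? If so, that section needs the same deprecation note for consistency.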
