Commit ec2cd09

committed
fix instructions
1 parent e1cc61f commit ec2cd09

1 file changed

+18
-18
lines changed


learn-pr/github/configure-dependabot-security-updates-on-github-repo/includes/2-manage-your-dependencies-github.md

Lines changed: 18 additions & 18 deletions
@@ -1,6 +1,6 @@
1-
It's common for software projects to depend on external packages or dependencies. Managing these external dependencies consumes resources and affects productivity. These dependencies can also include vulnerabilities that introduce security threats. A vulnerability is a flaw in a project's code that can be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. You might not even notice dependency vulnerabilities right away, because they exist outside of the code on which you work. Understanding how to effectively and efficiently manage your dependencies with GitHub improves the security of your software supply chain.
1+
It's common for software projects to depend on external packages or dependencies. Managing these external dependencies consumes resources and affects productivity. These dependencies can also include vulnerabilities that introduce security threats. A vulnerability is a flaw in a project's code that can be exploited. These exploits can damage the confidentiality, integrity, or availability of the project or other projects that use its code. You might not even notice dependency vulnerabilities right away, because they exist outside of the code on which you work. Understanding how to effectively and efficiently manage your dependencies with GitHub improves the security of your software supply chain.
22

3-
In this unit, you'll learn about the GitHub tools for managing your dependencies:
3+
In this unit, you learn about the GitHub tools for managing your dependencies:
44

55
- The Dependency graph
66
- The GitHub Advisory Database
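Review bot: The rewritten opening paragraph splits the definition of a vulnerability into "A vulnerability is a flaw in a project's code that can be exploited. These exploits can damage the confidentiality, integrity, or availability ..."; the second sentence now makes "these exploits" the subject, so the definition no longer says what the flaw itself puts at risk. Suggest "Exploiting such a flaw can damage the confidentiality, integrity, or availability of the project or other projects that use its code." so the two sentences still read as one definition. The "you'll learn" to "you learn" change is consistent with the last hunk and is fine.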
@@ -22,19 +22,19 @@ The dependency graph uses the information from your lock and manifest files to p
2222
- The **direct dependencies** explicitly defined in a manifest or lock file or submitted with the Dependency submission API.
2323
- The **indirect dependencies**, also known as transitive dependencies or subdependencies, which are dependencies used by packages that are dependencies of your project.
2424

25-
Lock files (or their equivalent) generate the most reliable dependency graph, because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which makes it easier for you to test and debug code. If your ecosystem doesn't have lock files, you can use premade actions that resolve transitive dependencies for many ecosystems.
25+
Lock files (or their equivalent) generate the most reliable dependency graph, because they define exactly which versions of the direct and indirect dependencies you currently use. By using lock files, you ensure that all contributors to the repository are using the same versions, making it easier for you to test and debug code. If your ecosystem doesn't have lock files, you can use premade actions that resolve transitive dependencies for many ecosystems.
2626

2727
### Enable the dependency graph for private repositories
2828

2929
As a repository administrator, you can also choose to enable the dependency graph for private repositories by completing these steps:
3030

3131
1. Go to your GitHub repository.
3232
2. Select your repository **Settings**.
33-
3. Select **Code security and analysis**.
34-
4. Select **Enable** in the dependency graph section.
33+
3. On the left-hand menu under **Security**, select **Advanced Security**.
34+
4. In the **Dependency graph** section, select **Enable**.
3535

3636
>[!NOTE]
37-
> Dependent information is not included for private repositories.
37+
> Dependent information isn't included for private repositories.
3838
3939
### View the dependency graph
4040

@@ -74,7 +74,7 @@ We generally recommend lock files in your repository, because they define the ex
7474

7575
![Screenshot of the GitHub Advisory Database.](../media/github-advisory-database.png)
7676

77-
The [GitHub Advisory Database](https://github.com/advisories?azure-portal=true) is a security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. GitHub collects information on vulnerabilities and includes it in the GitHub Advisory Database to:
77+
The [GitHub Advisory Database](https://github.com/advisories?azure-portal=true) is a security vulnerability database inclusive of Common Vulnerabilities and Exposures (CVEs)s and GitHub originated security advisories from the world of open source software. GitHub collects information on vulnerabilities and includes it in the GitHub Advisory Database to:
7878

7979
- Provide a free and open-source repository of security advisories.
8080
- Enable the community to crowd-source their knowledge about these advisories.
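Review bot: The rewritten paragraph introduces a typo: "Common Vulnerabilities and Exposures (CVEs)s" has a stray "s" after the closing parenthesis and should read "Common Vulnerabilities and Exposures (CVEs)". While this line is being edited, "GitHub originated security advisories" should be hyphenated as "GitHub-originated security advisories", since it is a compound modifier.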
@@ -99,32 +99,32 @@ A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of a
9999

100100
- Providing transparency about the dependencies used by your repository.
101101
- Allowing vulnerabilities to be identified early in the process.
102-
- Providing insights into the license compliance, security, or quality issues that may exist in your codebase.
102+
- Providing insights into the license compliance, security, or quality issues that might exist in your codebase.
103103
- Enabling you to better comply with various data protection standards.
104104

105105
GitHub offers two ways to export a Software Bill of Materials (SBOM) for your repository. You can export the current state of the dependency graph for your repository as an SBOM using the industry-standard [Software Package Data Exchange(SPDX)](https://spdx.github.io/spdx-spec/v2.3/?azure-portal=true) format:
106106

107-
- Via the GitHub UI
108-
- Using the REST API
107+
- Through the GitHub UI.
108+
- By using the REST API.
109109

110-
You can leverage SBOMs as part of your audit process and use them to comply with regulatory and legal requirements. If your company provides software to the US federal government, per [Executive Order 14028](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028?azure-portal=true), you'll need to provide an SBOM for your product.
110+
You can use SBOMs as part of your audit process and use them to comply with regulatory and legal requirements. If your company provides software to the US federal government, per [Executive Order 14028](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028?azure-portal=true), you need to provide an SBOM for your product.
111111

112112
## Dependabot
113113

114-
Dependabot is a GitHub tool that automates managing your repository’s dependencies. Dependabot keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a Dependabot alert is triggered, or to the latest version when a release is published. For Dependabot to work, the dependency graph must be enabled in a repository. Dependabot uses the dependency graph and the GitHub Advisory Database to provide three features:
114+
Dependabot is a GitHub tool that automates managing your repository’s dependencies. Dependabot keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies. When a Dependabot alert is triggered, it automatically opens pull requests to upgrade your dependencies to the next available secure version, or to the latest version when a release is published. For Dependabot to work, the dependency graph must be enabled in a repository. Dependabot uses the dependency graph and the GitHub Advisory Database to provide three features:
115115

116-
- **Dependabot alerts**: Notify you about vulnerable dependencies, including a link to the affected file in the project and information about a fixed version.
117-
- **Security updates**: Automatically update or generate a pull request to update vulnerable dependencies.
116+
- **Dependabot alerts**: These alerts notify you about vulnerable dependencies. Including, a link to the affected file in the project and information about a fixed version.
117+
- **Security updates**: Automatically update or generate a pull request that updates vulnerable dependencies.
118118
- **Version updates**: Automatically update supported packages used by your repository on a schedule you configure.
119119

120120
## Dependency review
121121

122122
You can use dependency review to catch vulnerable dependencies before they're added to your main branch. Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on a pull request's **Files Changed** tab. By checking the dependency reviews in a pull request and changing any dependencies that are flagged as vulnerable, you can avoid vulnerabilities being added to your project. Dependency review informs you of:
123123

124-
- Which dependencies were added, removed, or updated, along with the release dates.
125-
- How many projects use these components.
126-
- Vulnerability data for these dependencies.
124+
- The dependencies that were added, removed, or updated, along with the release dates.
125+
- The number of projects that use these components.
126+
- The vulnerability data for these dependencies.
127127

128128
Where Dependabot is more about automatically monitoring and updating known dependencies, dependency review proactively analyzes dependency changes during pull request to highlight key information, like insecure dependencies, enabling you to keep your project safer. Together, these complementary tools can be used to maintain a more secure and up-to-date codebase.
129129

130-
In the remaining units, you'll learn more about using Dependabot and dependency review in your repository.
130+
In the remaining units, you learn more about using Dependabot and dependency review in your repository.
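Review bot: The rewritten "Dependabot alerts" bullet introduces a sentence fragment with a misplaced comma: "These alerts notify you about vulnerable dependencies. Including, a link to the affected file in the project and information about a fixed version." The original single sentence was grammatical; suggest "These alerts notify you about vulnerable dependencies, including a link to the affected file in the project and information about a fixed version." Two pre-existing typos in this hunk's unchanged context could be fixed in the same commit: "Software Package Data Exchange(SPDX)" is missing a space before the parenthesis, and "during pull request" should be "during a pull request".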
