New translation batch for cn (#28662)

* Add crowdin translations

* Run script/i18n/homogenize-frontmatter.js

* Run script/i18n/lint-translation-files.js --check rendering

* run script/i18n/reset-files-with-broken-liquid-tags.js --language=cn

* run script/i18n/reset-known-broken-translation-files.js

* Check in cn CSV report

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>

translations/log/cn-resets.csv

@@ -156,7 +156,6 @@ translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scannin
 translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system.md,broken liquid tags
 translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md,broken liquid tags
 translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md,rendering error
-translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md,broken liquid tags
 translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md,broken liquid tags
 translations/zh-CN/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md,broken liquid tags
 translations/zh-CN/content/code-security/dependabot/index.md,broken liquid tags
@@ -172,6 +171,7 @@ translations/zh-CN/content/code-security/supply-chain-security/end-to-end-supply
 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md,broken liquid tags
 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md,broken liquid tags
 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,Listed in localization-support#489
+translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,broken liquid tags
 translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md,broken liquid tags
 translations/zh-CN/content/codespaces/codespaces-reference/using-github-copilot-in-codespaces.md,broken liquid tags
 translations/zh-CN/content/codespaces/customizing-your-codespace/changing-the-machine-type-for-your-codespace.md,broken liquid tags
@@ -329,6 +329,7 @@ translations/zh-CN/data/release-notes/enterprise-server/3-2/3.yml,broken liquid
 translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml,broken liquid tags
 translations/zh-CN/data/release-notes/enterprise-server/3-3/0.yml,broken liquid tags
 translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml,broken liquid tags
+translations/zh-CN/data/release-notes/github-ae/2021-06/2021-12-06.yml,broken liquid tags
 translations/zh-CN/data/reusables/actions/actions-use-policy-settings.md,broken liquid tags
 translations/zh-CN/data/reusables/actions/enterprise-common-prereqs.md,broken liquid tags
 translations/zh-CN/data/reusables/actions/enterprise-marketplace-actions.md,broken liquid tags
@@ -347,16 +348,17 @@ translations/zh-CN/data/reusables/code-scanning/run-additional-queries.md,broken
 translations/zh-CN/data/reusables/code-scanning/upload-sarif-ghas.md,broken liquid tags
 translations/zh-CN/data/reusables/dependabot/dependabot-alerts-dependency-graph-enterprise.md,broken liquid tags
 translations/zh-CN/data/reusables/dependabot/enterprise-enable-dependabot.md,broken liquid tags
+translations/zh-CN/data/reusables/dependency-submission/about-dependency-submission.md,broken liquid tags
 translations/zh-CN/data/reusables/dotcom_billing/downgrade-org-to-free.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise-accounts/emu-password-reset-session.md,broken liquid tags
-translations/zh-CN/data/reusables/enterprise-accounts/emu-short-summary.md,broken liquid tags
+translations/zh-CN/data/reusables/enterprise-accounts/emu-short-summary.md,rendering error
 translations/zh-CN/data/reusables/enterprise-licensing/about-license-sync.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise-licensing/you-can-sync-for-a-combined-view.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise_installation/hardware-considerations-all-platforms.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise_installation/hardware-rec-table.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise_installation/upgrade-hardware-requirements.md,broken liquid tags
 translations/zh-CN/data/reusables/enterprise_management_console/badge_indicator.md,broken liquid tags
-translations/zh-CN/data/reusables/gated-features/enterprise-accounts.md,broken liquid tags
+translations/zh-CN/data/reusables/gated-features/enterprise-accounts.md,rendering error
 translations/zh-CN/data/reusables/gated-features/packages.md,broken liquid tags
 translations/zh-CN/data/reusables/gated-features/secret-scanning.md,broken liquid tags
 translations/zh-CN/data/reusables/getting-started/actions.md,broken liquid tags
@@ -373,15 +375,14 @@ translations/zh-CN/data/reusables/package_registry/authenticate_with_pat_for_con
 translations/zh-CN/data/reusables/package_registry/docker_registry_deprecation_status.md,Listed in localization-support#489
 translations/zh-CN/data/reusables/package_registry/next-steps-for-packages-enterprise-setup.md,broken liquid tags
 translations/zh-CN/data/reusables/package_registry/packages-cluster-support.md,broken liquid tags
+translations/zh-CN/data/reusables/pages/check-workflow-run.md,broken liquid tags
+translations/zh-CN/data/reusables/pages/pages-builds-with-github-actions-public-beta.md,broken liquid tags
 translations/zh-CN/data/reusables/repositories/deleted_forks_from_private_repositories_warning.md,broken liquid tags
-translations/zh-CN/data/reusables/repositories/enable-security-alerts.md,broken liquid tags
-translations/zh-CN/data/reusables/repositories/github-reviews-security-advisories.md,broken liquid tags
 translations/zh-CN/data/reusables/repositories/select-marketplace-apps.md,broken liquid tags
-translations/zh-CN/data/reusables/saml/saml-session-oauth.md,broken liquid tags
+translations/zh-CN/data/reusables/saml/saml-session-oauth.md,rendering error
 translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,Listed in localization-support#489
-translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,broken liquid tags
+translations/zh-CN/data/reusables/saml/you-must-periodically-authenticate.md,rendering error
 translations/zh-CN/data/reusables/scim/after-you-configure-saml.md,broken liquid tags
 translations/zh-CN/data/reusables/secret-scanning/enterprise-enable-secret-scanning.md,broken liquid tags
-translations/zh-CN/data/reusables/security-advisory/link-browsing-advisory-db.md,broken liquid tags
 translations/zh-CN/data/reusables/sponsors/feedback.md,broken liquid tags
 translations/zh-CN/data/reusables/support/enterprise-resolving-and-closing-tickets.md,broken liquid tags

translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md

@@ -201,7 +201,7 @@ If you are a member of more than one organization, you can configure each one to
 {% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %}
 {% data reusables.notifications.vulnerable-dependency-notification-options %}
 
-For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% data variables.product.prodname_dependabot_alerts %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."
+For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% data variables.product.prodname_dependabot_alerts %}, see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
 {% endif %}
 
 {% ifversion fpt or ghes or ghec %}

translations/zh-CN/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md

@@ -119,7 +119,7 @@ shortTitle: 从收件箱管理
 - `is:discussion`{% endif %}
 
 {% ifversion fpt or ghes or ghae or ghec %}
-有关减少 {% data variables.product.prodname_dependabot_alerts %} 通知干扰的信息，请参阅“[配置漏洞依赖项的通知](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)”。
+有关减少 {% data variables.product.prodname_dependabot_alerts %} 通知的噪音的信息，请参阅“[配置 {% data variables.product.prodname_dependabot_alerts %} 通知](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)”。
 {% endif %}
 
 您还可以使用 `is:` 查询来描述如何对通知进行分类。
@@ -175,7 +175,7 @@ shortTitle: 从收件箱管理
 
 {% ifversion ghes < 3.3 or ghae %}
 
-如果使用 {% data variables.product.prodname_dependabot %} 来告知易受攻击的依赖项，则可以使用并保存这些自定义筛选器来显示 {% data variables.product.prodname_dependabot_alerts %} 的通知：
+如果您使用 {% data variables.product.prodname_dependabot %} 来告诉您不安全的依赖项，则可以使用这些自定义过滤器来显示 {% data variables.product.prodname_dependabot_alerts %} 的通知：
 - `is:repository_vulnerability_alert`
 - `reason:security_alert`
 

translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository.md

@@ -49,8 +49,8 @@ shortTitle: 仓库权限
 {% endif %}
 | 自定义仓库的社交媒体预览                                                                                                             | "[自定义仓库的社交媒体预览](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)"                                                                                                                                                       |
 | 从仓库创建模板                                                                                                                  | "[创建模板仓库](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae or ghec %}
-| 控制对易受攻击依赖项的 {% data variables.product.prodname_dependabot_alerts %} 访问                                                 | "[管理仓库的安全和分析设置](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %}
-| 忽略仓库中的 {% data variables.product.prodname_dependabot_alerts %}                                                         | "[查看漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"                                                                            |
+| Control access to {% data variables.product.prodname_dependabot_alerts %}                                              | "[管理仓库的安全和分析设置](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %}
+| 忽略仓库中的 {% data variables.product.prodname_dependabot_alerts %}                                                         | "[Viewing and updating {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"                                                                                       |
 | 管理私有仓库的数据使用                                                                                                              | “[管理私有仓库的数据使用设置](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)”
 {% endif %}
 | 定义仓库的代码所有者                                                                                                               | "[关于代码所有者](/github/creating-cloning-and-archiving-repositories/about-code-owners)"                                                                                                                                                                           |

translations/zh-CN/content/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs.md

@@ -1,11 +1,11 @@
 ---
-title: Customizing the containers used by jobs
-intro: You can customize how your self-hosted runner invokes a container for a job.
+title: 自定义作业使用的容器
+intro: 您可以自定义自托管运行器调用作业容器的方式。
 versions:
   feature: container-hooks
 type: reference
 miniTocMaxHeadingLevel: 4
-shortTitle: Customize containers used by jobs
+shortTitle: 自定义作业使用的容器
 ---
 
 {% note %}
@@ -14,79 +14,79 @@ shortTitle: Customize containers used by jobs
 
 {% endnote %}
 
-## About container customization
+## 关于容器自定义
 
-{% data variables.product.prodname_actions %} allows you to run a job within a container, using the `container:` statement in your workflow file. For more information, see "[Running jobs in a container](/actions/using-jobs/running-jobs-in-a-container)." To process container-based jobs, the self-hosted runner creates a container for each job.
+{% data variables.product.prodname_actions %} 允许您在工作流程文件中使用 `container:` 语句运行容器内的作业。 更多信息请参阅“[在容器中运行作业](/actions/using-jobs/running-jobs-in-a-container)”。 为处理基于容器的作业，自托管运行器会为每个作业创建一个容器。
 
-{% data variables.product.prodname_actions %} supports commands that let you customize the way your containers are created by the self-hosted runner. For example, you can use these commands to manage the containers through Kubernetes or Podman, and you can also customize the `docker run` or `docker create` commands used to invoke the container. The customization commands are run by a script, which is automatically triggered when a specific environment variable is set on the runner. For more information, see "[Triggering the customization script](#triggering-the-customization-script)" below.
+{% data variables.product.prodname_actions %} 支持命令，这些命令允许你自定义自托管运行器创建容器的方式。 例如，您可以使用这些命令通过 Kubernetes 或 Podman 管理容器，还可以自定义 `docker run` 或 `docker create` 命令。 自定义命令由脚本运行，当在运行器上设置特定环境变量时，将自动触发脚本。 更多信息请参阅下面的“[触发自定义脚本](#triggering-the-customization-script)”。
 
-This customization is only available for Linux-based self-hosted runners, and root user access is not required.
+此自定义仅适用于基于 Linux 的自托管运行器，并且不需要 root 用户访问权限。
 
-## Container customization commands
+## 容器自定义命令
 
-{% data variables.product.prodname_actions %} includes the following commands for container customization:
+{% data variables.product.prodname_actions %} 包括以下用于容器自定义的命令：
 
-- [`prepare_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#prepare_job): Called when a job is started.
-- [`cleanup_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#cleanup_job): Called at the end of a job.
-- [`run_container_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_container_step): Called once for each container action in the job.
-- [`run_script_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_script_step): Runs any step that is not a container action.
+- [`prepare_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#prepare_job)：在作业启动时调用。
+- [`cleanup_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#cleanup_job)：在作业结束时调用。
+- [`run_container_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_container_step)：为作业中的每个容器操作调用一次。
+- [`run_script_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_script_step)：运行任何不是容器操作的步骤。
 
-Each of these customization commands must be defined in its own JSON file. The file name must match the command name, with the extension `.json`. For example, the `prepare_job` command is defined in `prepare_job.json`. These JSON files will then be run together on the self-hosted runner, as part of the main `index.js` script. This process is described in more detail in "[Generating the customization script](#generating-the-customization-script)."
+这些自定义命令中的每一个都必须在其自己的 JSON 文件中定义。 文件名必须与命令名称匹配，扩展名为 `.json`。 例如，`prepare_job` 命令在 `prepare_job.json` 中定义。 然后，这些 JSON 文件将作为主 `index.js` 脚本的一部分在自托管运行器上一起运行。 此过程在“[生成自定义脚本](#generating-the-customization-script)”中有更详细的描述。
 
-These commands also include configuration arguments, explained below in more detail.
+这些命令还包括配置参数，下面将更详细地介绍这些参数。
 
 ### `prepare_job`
 
-The `prepare_job` command is called when a job is started. {% data variables.product.prodname_actions %} passes in any job or service containers the job has. This command will be called if you have any service or job containers in the job.
+启动作业时调用 `prepare_job` 命令。 {% data variables.product.prodname_actions %} 传入作业具有的任何作业或服务容器。 如果作业中有任何服务或作业容器，则将调用此命令。
 
-{% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `prepare_job` command:
+{% data variables.product.prodname_actions %} 假定您将在 `prepare_job` 命令中执行以下任务：
 
-- Prune anything from previous jobs, if needed.
-- Create a network, if needed.
-- Pull the job and service containers.
-- Start the job container.
-- Start the service containers.
-- Write to the response file any information that {% data variables.product.prodname_actions %} will need:
-  - Required: State whether the container is an `alpine` linux container (using the `isAlpine` boolean).
-  - Optional: Any context fields you want to set on the job context, otherwise they will be unavailable for users to use. For more information, see "[`job` context](/actions/learn-github-actions/contexts#job-context)."
-- Return `0` when the health checks have succeeded and the job/service containers are started.
+- 如果需要，修剪以前作业中的任何内容。
+- 如果需要，创建网络。
+- 拉取作业和服务容器。
+- 启动作业容器。
+- 启动服务容器。
+- 将 {% data variables.product.prodname_actions %} 所需的任何信息写入响应文件：
+  - 必需：说明容器是否为 `alpine` linux 容器（使用 `isAlpine` 布尔值）。
+  - 可选：要在作业上下文中设置的任何上下文字段，否则用户将无法使用它们。 更多信息请参阅“[`job` 上下文](/actions/learn-github-actions/contexts#job-context)”。
+- 运行状况检查成功且作业/服务容器启动时，返回 `0`。
 
 #### 参数
 
-- `jobContainer`: **Optional**. An object containing information about the specified job container.
-  - `image`: **Required**. A string containing the Docker image.
-  - `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
-  - `createOptions`: **Optional**. The optional _create_ options specified in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
-  - `environmentVariables`: **Optional**. Sets a map of key environment variables.
-  - `userMountVolumes`: **Optional**. An array of user mount volumes set in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
-    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
-    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
-    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
-  - `systemMountVolumes`: **Required**. An array of mounts to mount into the container, same fields as above.
-    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
-    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
-    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
-  - `注册表` **Optional**. The Docker registry credentials for a private container registry.
-    - `username`: **Optional**. The username of the registry account.
-    - `password`: **Optional**. The password to the registry account.
-    - `serverUrl`: **Optional**. The registry URL.
-  - `portMappings`: **Optional**. A key value hash of _source:target_ ports to map into the container.
-- `services`: **Optional**. An array of service containers to spin up.
-  - `contextName`: **Required**. The name of the service in the Job context.
-  - `image`: **Required**. A string containing the Docker image.
-  - `createOptions`: **Optional**. The optional _create_ options specified in the  YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
-  - `environmentVariables`: **Optional**. Sets a map of key environment variables.
-  - `userMountVolumes`: **Optional**. An array of mounts to mount into the container, same fields as above.
-    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
-    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
-    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
-  - `注册表` **Optional**. The Docker registry credentials for the private container registry.
-    - `username`: **Optional**. The username of the registry account.
-    - `password`: **Optional**. The password to the registry account.
-    - `serverUrl`: **Optional**. The registry URL.
-  - `portMappings`: **Optional**. A key value hash of _source:target_ ports to map into the container.
+- `jobContainer`：**可选**。 包含指定作业容器信息的对象。
+  - `image`：**必需**。 包含 Docker 映像的字符串。
+  - `workingDirectory`：**必需**。 包含工作目录绝对路径的字符串。
+  - `createOptions`：**可选**。 可选的 _create_ 选项在 YAML 中指定。 更多信息请参阅“[示例：在容器运行作业](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)”。
+  - `environmentVariables`：**可选**。 设置关键环境变量的映射。
+  - `userMountVolumes`：**可选**。 在 YAML 中设置的用户装入卷的数组。 更多信息请参阅“[示例：在容器运行作业](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)”。
+    - `sourceVolumePath`：**必需**。 将装载到 Docker 容器中的卷的源路径。
+    - `targetVolumePath`：**必需**。 将装载到 Docker 容器中的卷的目标路径。
+    - `readOnly`：**必需**。 确定装载是否应为只读。
+  - `systemMountVolumes`：**必需**。 要装载到容器中的装载数组，字段与上述字段相同。
+    - `sourceVolumePath`：**必需**。 将装载到 Docker 容器中的卷的源路径。
+    - `targetVolumePath`：**必需**。 将装载到 Docker 容器中的卷的目标路径。
+    - `readOnly`：**必需**。 确定装载是否应为只读。
+  - `注册表` **可选**。 专用容器注册表的 Docker 注册表凭据。
+    - `username`：**可选**。 注册表帐户的用户名。
+    - `password`：**可选**。 注册表帐户的密码。
+    - `serverUrl`：**可选**。 注册表 URL。
+  - `portMappings`：**可选**。 要映射到容器的 _source:target_ 端口的键值哈希。
+- `services`：**可选**。 要启动的服务容器数组。
+  - `contextName`：**必需**。 作业上下文中服务的名称。
+  - `image`：**必需**。 包含 Docker 映像的字符串。
+  - `createOptions`：**可选**。 可选的 _create_ 选项在 YAML 中指定。 更多信息请参阅“[示例：在容器运行作业](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)”。
+  - `environmentVariables`：**可选**。 设置关键环境变量的映射。
+  - `userMountVolumes`：**可选**。 要装载到容器中的装载数组，字段与上述字段相同。
+    - `sourceVolumePath`：**必需**。 将装载到 Docker 容器中的卷的源路径。
+    - `targetVolumePath`：**必需**。 将装载到 Docker 容器中的卷的目标路径。
+    - `readOnly`：**必需**。 确定装载是否应为只读。
+  - `注册表` **可选**。 专用容器注册表的 Docker 注册表凭据。
+    - `username`：**可选**。 注册表帐户的用户名。
+    - `password`：**可选**。 注册表帐户的密码。
+    - `serverUrl`：**可选**。 注册表 URL。
+  - `portMappings`：**可选**。 要映射到容器的 _source:target_ 端口的键值哈希。
 
-#### Example input
+#### 示例输入
 
 ```json{:copy}
 {
@@ -171,9 +171,9 @@ The `prepare_job` command is called when a job is started. {% data variables.pro
 }
 ```
 
-#### Example output
+#### 示例输出
 
-This example output is the contents of the `responseFile` defined in the input above.
+此示例输出是上面输入中定义的 `responseFile` 内容。
 
 ```json{:copy}
 {
@@ -205,19 +205,19 @@ This example output is the contents of the `responseFile` defined in the input a
 
 ### `cleanup_job`
 
-The `cleanup_job` command is called at the end of a job. {% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `cleanup_job` command:
+`cleanup_job` 命令在作业结束时调用。 {% data variables.product.prodname_actions %} 假定您将在 `cleanup_job` 命令中执行以下任务：
 
-- Stop any running service or job containers (or the equivalent pod).
-- Stop the network (if one exists).
-- Delete any job or service containers (or the equivalent pod).
-- Delete the network (if one exists).
-- Cleanup anything else that was created for the job.
+- 停止任何正在运行的服务或作业容器（或等效 Pod）。
+- 停止网络（如果存在）。
+- 删除任何作业或服务容器（或等效的 Pod）。
+- 删除网络（如果存在）。
+- 清除为作业创建的任何其他内容。
 
 #### 参数
 
-No arguments are provided for `cleanup_job`.
+没有为 `cleanup_job` 提供任何参数。
 
-#### Example input
+#### 示例输入
 
 ```json{:copy}
 {
@@ -234,46 +234,46 @@ No arguments are provided for `cleanup_job`.
 }
 ```
 
-#### Example output
+#### 示例输出
 
-No output is expected for `cleanup_job`.
+没有 `cleanup_job` 的预期输出。
 
 ### `run_container_step`
 
-The `run_container_step` command is called once for each container action in your job. {% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `run_container_step` command:
+`run_container_step` 命令为作业中的每个容器操作调用一次。 {% data variables.product.prodname_actions %} 假定您将在 `run_container_step` 命令中执行以下任务：
 
-- Pull or build the required container (or fail if you cannot).
-- Run the container action and return the exit code of the container.
-- Stream any step logs output to stdout and stderr.
-- Cleanup the container after it executes.
+- 拉取或构建所需的容器（如果无法拉取或构建，则失败）。
+- 运行容器操作并返回容器的退出代码。
+- 将任何步骤日志输出流式传输到 stdout 和 stderr。
+- 执行容器后清理容器。
 
 #### 参数
 
-- `image`: **Optional**. A string containing the docker image. Otherwise a dockerfile must be provided.
-- `dockerfile`: **Optional**. A string containing the path to the dockerfile, otherwise an image must be provided.
-- `entryPointArgs`: **Optional**. A list containing the entry point args.
-- `entryPoint`: **Optional**. The container entry point to use if the default image entrypoint should be overwritten.
-- `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
-- `createOptions`: **Optional**. The optional _create_ options specified in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
-- `environmentVariables`: **Optional**. Sets a map of key environment variables.
-- `prependPath`: **Optional**. An array of additional paths to prepend to the `$PATH` variable.
-- `userMountVolumes`: **Optional**. an array of user mount volumes set in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
-  - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
-  - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
-  - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
-- `systemMountVolumes`: **Required**. An array of mounts to mount into the container, using the same fields as above.
-  - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
-  - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
-  - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
-- `注册表` **Optional**. The Docker registry credentials for a private container registry.
-  - `username`: **Optional**. The username of the registry account.
-  - `password`: **Optional**. The password to the registry account.
-  - `serverUrl`: **Optional**. The registry URL.
-- `portMappings`: **Optional**. A key value hash of the _source:target_ ports to map into the container.
+- `image`：**可选**。 包含 Docker 映像的字符串。 否则，必须提供 dockerfile。
+- `dockerfile`：**可选**。 包含 docker 文件路径的字符串，否则必须提供映像。
+- `entryPointArgs`：**可选**。 包含入口点参数的列表。
+- `entryPoint`：**可选**。 应覆盖默认映像入口点时使用的容器入口点。
+- `workingDirectory`：**必需**。 包含工作目录绝对路径的字符串。
+- `createOptions`：**可选**。 可选的 _create_ 选项在 YAML 中指定。 更多信息请参阅“[示例：在容器运行作业](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)”。
+- `environmentVariables`：**可选**。 设置关键环境变量的映射。
+- `prependPath`：**可选**。 要附加到 `$PATH` 变量前面的其他路径的数组。
+- `userMountVolumes`：**可选**。 在 YAML 中设置的用户装入卷的数组。 更多信息请参阅“[示例：在容器运行作业](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)”。
+  - `sourceVolumePath`：**必需**。 将装载到 Docker 容器中的卷的源路径。
+  - `targetVolumePath`：**必需**。 将装载到 Docker 容器中的卷的目标路径。
+  - `readOnly`：**必需**。 确定装载是否应为只读。
+- `systemMountVolumes`：**必需**。 要装载到容器中的装载数组，用与上述字段相同的字段。
+  - `sourceVolumePath`：**必需**。 将装载到 Docker 容器中的卷的源路径。
+  - `targetVolumePath`：**必需**。 将装载到 Docker 容器中的卷的目标路径。
+  - `readOnly`：**必需**。 确定装载是否应为只读。
+- `注册表` **可选**。 专用容器注册表的 Docker 注册表凭据。
+  - `username`：**可选**。 注册表帐户的用户名。
+  - `password`：**可选**。 注册表帐户的密码。
+  - `serverUrl`：**可选**。 注册表 URL。
+- `portMappings`：**可选**。 要映射到容器的 _source:target_ 端口的键值哈希。
 
-#### Example input for image
+#### 映像的示例输入
 
-If you're using a Docker image, you can specify the image name in the `"image":` parameter.
+如果您使用的是 Docker 映像，则可以在 `"image":` 参数中指定映像名称。
 
 ```json{:copy}
 {
@@ -347,9 +347,9 @@ If you're using a Docker image, you can specify the image name in the `"image":`
 }
 ```
 
-#### Example input for Dockerfile
+#### Dockerfile 的示例输入
 
-If your container is defined by a Dockerfile, this example demonstrates how to specify the path to a `Dockerfile` in your input, using the `"dockerfile":` parameter.
+如果您的容器由 Dockerfile 定义，此示例演示如何使用 `"dockerfile":` 参数在输入中指定 `Dockerfile` 的路径。
 
 ```json{:copy}
 {
@@ -423,26 +423,26 @@ If your container is defined by a Dockerfile, this example demonstrates how to s
 }
 ```
 
-#### Example output
+#### 示例输出
 
-No output is expected for `run_container_step`.
+没有 `run_container_step` 的预期输出。
 
 ### `run_script_step`
 
-{% data variables.product.prodname_actions %} assumes that you will do the following tasks:
+{% data variables.product.prodname_actions %} 假定您将执行以下任务：
 
-- Invoke the provided script inside the job container and return the exit code.
-- Stream any step log output to stdout and stderr.
+- 调用作业容器内提供的脚本并返回退出代码。
+- 将任何步骤日志输出流式传输到 stdout 和 stderr。
 
 #### 参数
 
-- `entryPointArgs`: **Optional**. A list containing the entry point arguments.
-- `entryPoint`: **Optional**. The container entry point to use if the default image entrypoint should be overwritten.
-- `prependPath`: **Optional**. An array of additional paths to prepend to the `$PATH` variable.
-- `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
-- `environmentVariables`: **Optional**. Sets a map of key environment variables.
+- `entryPointArgs`：**可选**。 包含入口点参数的列表。
+- `entryPoint`：**可选**。 应覆盖默认映像入口点时使用的容器入口点。
+- `prependPath`：**可选**。 要附加到 `$PATH` 变量前面的其他路径的数组。
+- `workingDirectory`：**必需**。 包含工作目录绝对路径的字符串。
+- `environmentVariables`：**可选**。 设置关键环境变量的映射。
 
-#### Example input
+#### 示例输入
 
 ```json{:copy}
 {
@@ -467,63 +467,63 @@ No output is expected for `run_container_step`.
 }
 ```
 
-#### Example output
+#### 示例输出
 
-No output is expected for `run_script_step`.
+没有 `run_script_step` 的预期输出。
 
-## Generating the customization script
+## 生成自定义脚本
 
-{% data variables.product.prodname_dotcom %} has created an example repository that demonstrates how to generate customization scripts for Docker and Kubernetes.
+{% data variables.product.prodname_dotcom %} 创建了一个示例存储库，演示如何为 Docker 和 Kubernetes 生成自定义脚本。
 
 {% note %}
 
-**Note:** The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements.
+**注意：**生成的脚本可用于测试目的，您需要确定它们是否适合您的要求。
 
 {% endnote %}
 
-1. Clone the [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) repository to your self-hosted runner.
+1. 将 [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) 存储库克隆到自托管运行器。
 
-1. The `examples/` directory contains some existing customization commands, each with its own JSON file. You can review these examples and use them as a starting point for your own customization commands.
+1. `examples/` 目录包含一些现有的自定义命令，每个命令都有自己的 JSON 文件。 您可以查看这些示例，并将它们用作您自己的自定义命令的起点。
 
    - `prepare_job.json`
    - `run_script_step.json`
    - `run_container_step.json`
 
-1. Build the npm packages. These commands generate the `index.js` files inside `packages/docker/dist` and `packages/k8s/dist`.
+1. 构建 npm 软件包。 这些命令在 `packages/docker/dist` 和 `packages/k8s/dist` 中生成 `index.js` 文件。
 
    ```shell
    npm install && npm run bootstrap && npm run build-all
    ```
 
-When the resulting `index.js` is triggered by {% data variables.product.prodname_actions %}, it will run the customization commands defined in the JSON files. To trigger the `index.js`, you will need to add it your `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` environment variable, as described in the next section.
+当生成的 `index.js` 由 {% data variables.product.prodname_actions %} 触发时，它将运行 JSON 文件中定义的自定义命令。 要触发 `index.js`，您需要将其添加到 `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` 环境变量中，如下一节所述。
 
-## Triggering the customization script
+## 触发自定义脚本
 
-The custom script must be located on the runner, but should not be stored in the self-hosted runner application directory. 这些脚本在执行运行器服务的服务帐户的安全上下文中执行。
+自定义脚本必须位于运行器上，但不应存储在自托管运行器应用程序目录中。 这些脚本在执行运行器服务的服务帐户的安全上下文中执行。
 
 {% note %}
 
-**Note**: The triggered script is processed synchronously, so it will block job execution while running.
+**注意**：触发的脚本是同步处理的，因此在运行时会阻止作业执行。
 
 {% endnote %}
 
-The script is automatically executed when the runner has the following environment variable containing an absolute path to the script:
+当运行器具有以下包含脚本绝对路径的环境变量时，将自动执行该脚本：
 
-- `ACTIONS_RUNNER_CONTAINER_HOOK`: The script defined in this environment variable is triggered when a job has been assigned to a runner, but before the job starts running.
+- `ACTIONS_RUNNER_CONTAINER_HOOK`：当作业已分配给运行器时，但在作业开始运行之前，将触发此环境变量中定义的脚本。
 
-To set this environment variable, you can either add it to the operating system, or add it to a file named `.env` within the self-hosted runner application directory. For example, the following `.env` entry will have the runner automatically run the script at `/Users/octocat/runner/index.js` before each container-based job runs:
+要设置此环境变量，可以将其添加到操作系统，也可以将其添加到自托管运行器应用程序目录中名为 `.env` 的文件中。 例如，以下 `.env` 条目将让运行器在每个基于容器的作业运行之前，在 `/Users/octocat/runner/index.js` 上自动运行脚本：
 
 ```bash
 ACTIONS_RUNNER_CONTAINER_HOOK=/Users/octocat/runner/index.js
 ```
 
-If you want to ensure that your job always runs inside a container, and subsequently always applies your container customizations, you can set the `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` variable on the self hosted runner to `true`. This will fail jobs that do not specify a job container.
+如果要确保作业始终在容器内运行，并随后始终应用容器自定义项，则可以将自托管运行器上的 `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` 变量设置为 `true`。 这将使未指定作业容器的作业失败。
 
 ## 疑难解答
 
 ### 无超时设置
 
-There is currently no timeout setting available for the script executed by `ACTIONS_RUNNER_CONTAINER_HOOK`. 因此，您可以考虑向脚本添加超时处理。
+当前没有可用于由 `ACTIONS_RUNNER_CONTAINER_HOOK` 执行的脚本的超时设置。 因此，您可以考虑向脚本添加超时处理。
 
 ### 查看工作流程运行日志
 

translations/zh-CN/content/actions/security-guides/encrypted-secrets.md

@@ -7,6 +7,7 @@ redirect_from:
   - /actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
   - /actions/configuring-and-managing-workflows/using-variables-and-secrets-in-a-workflow
   - /actions/reference/encrypted-secrets
+miniTocMaxHeadingLevel: 3
 versions:
   fpt: '*'
   ghes: '*'
@@ -283,49 +284,64 @@ steps:
 * 如果分配仓库访问超过 100 个组织密钥，则工作流程只能使用前 100 个组织密钥（按密钥名称字母顺序排序）。
 * 所有 100 个环境机密。
 
-密码大小限于 64 KB。 要使用大于 64 KB 的密码，可以将加密的密码存储在仓库中，并将解密短语在 {% data variables.product.prodname_dotcom %} 上存储为密码。 例如，在将文件检入您在 {% data variables.product.prodname_dotcom %} 上的仓库之前，可以使用 `gpg` 在本地对您的凭据加密。 更多信息请参阅“[gpg manpage](https://www.gnupg.org/gph/de/manual/r1023.html)”。
+密码大小限于 64 KB。 要存储较大的机密，请参阅下面的“[存储大机密](#storing-large-secrets)”解决方法。
+
+### 存储大型机密
+
+要使用大于 64 KB 的密码，可以使用解决方法将加密的密码存储在仓库中，并将解密短语在 {% data variables.product.prodname_dotcom %} 上存储为密码。 例如，您可以使用 `gpg` 在本地加密包含密钥的文件，然后再将加密文件签入 {% data variables.product.prodname_dotcom %} 上的存储库。 更多信息请参阅“[gpg manpage](https://www.gnupg.org/gph/de/manual/r1023.html)”。
 
 {% warning %}
 
-**警告**：请注意，在操作运行时不会打印您的机密。 使用此解决方法时，{% data variables.product.prodname_dotcom %} 不会编写日志中印出的密码。
+**警告**：请注意，在工作流程运行时不会打印您的机密。 使用此解决方法时，{% data variables.product.prodname_dotcom %} 不会编写日志中印出的密码。
 
 {% endwarning %}
 
-1. 从终端运行以下命令，以使用 `gpg` 和 AES256 密码算法对 `my_secret.json` 文件加密。
+1. 从终端运行以下命令，使用 `gpg` 和 AES256 密码算法加密包含密钥的文件。 在此示例中，`my_secret.json` 是包含密钥的文件。
 
- ``` shell
- $ gpg --symmetric --cipher-algo AES256 my_secret.json
- ```
+   ```bash
+   gpg --symmetric --cipher-algo AES256 my_secret.json
+   ```
 
 1. 将会提示您输入密码短语。 请记住该密码短语，因为需要在使用该密码短语作为值的 {% data variables.product.prodname_dotcom %} 上创建新密码。
 
-1. 创建包含密码短语的新密码。 例如，使用名称 `LARGE_SECRET_PASSPHRASE` 创建新密码，并将密码的值设为上一步所选的密码短语。
+1. 创建包含密码短语的新密码。 例如，使用名称 `LARGE_SECRET_PASSPHRASE` 创建新密码，并将密码的值设为上一步使用的密码短语。
 
-1. 将加密的文件复制到仓库并提交。 在本例中，加密的文件是 `my_secret.json.gpg`。
+1. 将加密文件复制到存储库中的路径并提交。 在本例中，加密的文件是 `my_secret.json.gpg`。
 
-1. 创建 shell 脚本对密码解密。 将此文件另存为 `decrypt_secret.sh`。
+   {% warning %}
 
-  ``` shell
-  #!/bin/sh
+   **警告**：请确保复制以 `.gpg` 文件扩展名结尾的加密 `my_secret.json.gpg` 文件，而**非**未加密的 `my_secret.json` 文件。
 
-  # Decrypt the file
-  mkdir $HOME/secrets
-  # --batch to prevent interactive command
-  # --yes to assume "yes" for questions
-  gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
-  --output $HOME/secrets/my_secret.json my_secret.json.gpg
-  ```
+   {% endwarning %}
+
+   ```bash
+   git add my_secret.json.gpg
+   git commit -m "Add new encrypted secret JSON file"
+   ```
+
+1. 在存储库中创建一个 shell 脚本来解密机密文件。 在此示例中，脚本名为 `decrypt_secret.sh`。
+
+   ```bash
+   #!/bin/sh
+
+   # Decrypt the file
+   mkdir $HOME/secrets
+   # --batch to prevent interactive command
+   # --yes to assume "yes" for questions
+   gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
+   --output $HOME/secrets/my_secret.json my_secret.json.gpg
+   ```
 
 1. 确保 shell 脚本在检入仓库之前可执行。
 
-  ``` shell
-  $ chmod +x decrypt_secret.sh
-  $ git add decrypt_secret.sh
-  $ git commit -m "Add new decryption script"
-  $ git push
-  ```
+   ```bash
+   chmod +x decrypt_secret.sh
+   git add decrypt_secret.sh
+   git commit -m "Add new decryption script"
+   git push
+   ```
 
-1. 从工作流程使用 `step` 调用 shell 脚本并对密码解密。 要在工作流程运行的环境中创建仓库的副本，需要使用 [`actions/checkout`](https://github.com/actions/checkout) 操作。 使用与仓库根目录相关的 `run` 命令引用 shell 脚本。
+1. 在 {% data variables.product.prodname_actions %} 工作流程中，使用 `step` 调用 shell 脚本并解密密钥。 要在工作流程运行的环境中创建仓库的副本，需要使用 [`actions/checkout`](https://github.com/actions/checkout) 操作。 使用与仓库根目录相关的 `run` 命令引用 shell 脚本。
 
    ```yaml
    name: Workflows with large secrets
@@ -339,7 +355,7 @@ steps:
        steps:
          - uses: {% data reusables.actions.action-checkout %}
          - name: Decrypt large secret
-           run: ./.github/scripts/decrypt_secret.sh
+           run: ./decrypt_secret.sh
            env:
              LARGE_SECRET_PASSPHRASE: {% raw %}${{ secrets.LARGE_SECRET_PASSPHRASE }}{% endraw %}
          # This command is just an example to show your secret being printed

translations/zh-CN/content/actions/using-workflows/events-that-trigger-workflows.md

@@ -563,13 +563,7 @@ on:
 
 {% note %}
 
-**注意**：{% data reusables.developer-site.multiple_activity_types %} 有关每种活动类型的信息，请参阅“[web 挂钩事件和有效负载](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)”。 默认情况下，工作流程仅在 `pull_request` 事件的活动类型为 `opened`、`synchronize` 或 `reopened` 时运行。 您可以使用 `types` 关键字指定不同的活动类型。 更多信息请参阅“[{% data variables.product.prodname_actions %} 的工作流程语法](/articles/workflow-syntax-for-github-actions#onevent_nametypes)”。
-
-{% endnote %}
-
-{% note %}
-
-**注意：** 默认情况下，只有 `opened`、`synchronize` 和 `reopened` 活动类型才会触发在 `pull_request` 事件上运行的工作流程。 要按不同的活动类型触发工作流，请使用 `types` 关键字。
+**注意**：{% data reusables.developer-site.multiple_activity_types %} 有关每种活动类型的信息，请参阅“[web 挂钩事件和有效负载](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)”。 默认情况下，工作流程仅在 `pull_request` 事件的活动类型为 `opened`、`synchronize` 或 `reopened` 时运行。 要按不同的活动类型触发工作流，请使用 `types` 关键字。 更多信息请参阅“[{% data variables.product.prodname_actions %} 的工作流程语法](/articles/workflow-syntax-for-github-actions#onevent_nametypes)”。
 
 {% endnote %}
 
@@ -782,13 +776,7 @@ on:
 
 {% note %}
 
-**注意**：{% data reusables.developer-site.multiple_activity_types %} 有关每种活动类型的信息，请参阅“[web 挂钩事件和有效负载](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_target)”。 默认情况下，工作流程仅在 `pull_request_target` 的活动类型为 `opened`、`synchronize` 或 `reopened` 时运行。 要让更多活动类型触发工作流程，请使用 `types` 关键词。 您可以使用 `types` 关键字指定不同的活动类型。 更多信息请参阅“[{% data variables.product.prodname_actions %} 的工作流程语法](/articles/workflow-syntax-for-github-actions#onevent_nametypes)”。
-
-{% endnote %}
-
-{% note %}
-
-**注意：** 默认情况下，只有 `opened`、`synchronize` 和 `reopened` 活动类型才会触发在 `pull_request` 事件上运行的工作流程。 要按不同的活动类型触发工作流，请使用 `types` 关键字。
+**注意**：{% data reusables.developer-site.multiple_activity_types %} 有关每种活动类型的信息，请参阅“[web 挂钩事件和有效负载](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_target)”。 默认情况下，工作流程仅在 `pull_request_target` 活动的类型为 `opened`、`synchronize` 或 `reopened` 时运行。 要按不同的活动类型触发工作流，请使用 `types` 关键字。 更多信息请参阅“[{% data variables.product.prodname_actions %} 的工作流程语法](/articles/workflow-syntax-for-github-actions#onevent_nametypes)”。
 
 {% endnote %}
 

translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md

@@ -285,11 +285,11 @@ To learn how to view and close alerts for secrets checked into your repository,
 
 ### Step 7: Set up dependency management
 
-GitHub helps you avoid using third-party software that contains known vulnerabilities. We provide the following tools for removing and avoiding vulnerable dependencies.
+GitHub helps you avoid using third-party software that contains known vulnerabilities. We provide the following tools for updating vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and removing malware{% endif %}.
 
 | Dependency Management Tool | Description |
 |----|----|
-| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." |
+| Dependabot Alerts | You can track your repository's dependencies and receive Dependabot alerts when your enterprise detects insecure dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)." |
 | Dependency Graph | The dependency graph is a summary of the manifest and lock files stored in a repository. It shows you the ecosystems and packages your codebase depends on (its dependencies) and the repositories and packages that depend on your project (its dependents). For more information, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." |{% ifversion ghes > 3.1 or ghec %}
 | Dependency Review | If a pull request contains changes to dependencies, you can view a summary of what has changed and whether there are known vulnerabilities in any of the dependencies. For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" or  "[Reviewing Dependency Changes in a Pull Request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)." | {% endif %} {% ifversion ghec or ghes > 3.2 %}
 | Dependabot Security Updates | Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates. For more information, see "[About Dependabot security updates](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." |

translations/zh-CN/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md

@@ -16,7 +16,7 @@ topics:
 
 {% data reusables.dependabot.about-the-dependency-graph %}更多信息请参阅“[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”。
 
-为企业启用依赖关系图后，可以启用 {% data variables.product.prodname_dependabot %} 以检测存储库中易受攻击的依赖项{% ifversion ghes > 3.2 %}，并自动修复漏洞{% endif %}。 更多信息请参阅“[为企业启用 {% data variables.product.prodname_dependabot %}](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)”。
+为企业启用依赖关系图后，可以启用 {% data variables.product.prodname_dependabot %} 以检测存储库中非安全依赖项{% ifversion ghes > 3.2 %}，并自动修复漏洞{% endif %}。 更多信息请参阅“[为企业启用 {% data variables.product.prodname_dependabot %}](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)”。
 
 {% ifversion ghes > 3.1 %}
 您可以通过 {% data variables.enterprise.management_console %} 或管理 shell 启用依赖关系图。 我们建议您使用 {% data variables.enterprise.management_console %}，除非 {% data variables.product.product_location %} 使用集群。

translations/zh-CN/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md

@@ -33,7 +33,7 @@ topics:
 
 {% data reusables.dependabot.dependabot-alerts-beta %}
 
-With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies vulnerable dependencies in repositories and creates alerts on {% data variables.product.product_location %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
+With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies insecure dependencies in repositories and creates alerts on {% data variables.product.product_location %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
 
 {% data reusables.repositories.tracks-vulnerabilities %}
 

translations/zh-CN/content/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise.md

@@ -29,6 +29,8 @@ product: '{% data reusables.gated-features.generated-health-checks %}'
 - Git 请求分析，以及有关最繁忙的存储库和 Git 用户的详细信息
 - API 请求分析，包括最繁忙的时间、最常请求的终端节点和最活跃的调用方
 
+如果要为 {% data variables.product.prodname_ghe_cloud %} 生成运行状况检查，请联系 {% data variables.contact.github_support %}。 更多信息请参阅“[创建支持单](/support/contacting-github-support/creating-a-support-ticket)”。
+
 ## 生成运行状况检查
 
 在生成运行状况检查之前，您必须创建支持包。 更多信息请参阅“[将数据提供给 {% data variables.contact.github_support %}](/support/contacting-github-support/providing-data-to-github-support#creating-and-sharing-support-bundles)”。

translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md

@@ -143,7 +143,7 @@ Optionally, you can build custom tooling to automatically scale the self-hosted
    - "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)"
    {%- elsif ghec %}
    - "Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}" in the [{% data variables.product.prodname_ghe_server %}](/enterprise-server@latest//admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom) or [{% data variables.product.prodname_ghe_managed %}](/github-ae@latest//admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom) documentation
-   - "Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}" in the [{% data variables.product.prodname_ghe_server %}](/enterprise-server@latest//admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or [{% data variables.product.prodname_ghe_managed %}](/github-ae@latest//admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) documentation
+   - "Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}" in the [{% data variables.product.prodname_ghe_server %}](/enterprise-server@latest/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) or [{% data variables.product.prodname_ghe_managed %}](/github-ae@latest//admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) documentation
    {%- endif %}
 
 - You can customize the software available on your self-hosted runner machines, or configure your runners to run software similar to {% data variables.product.company_short %}-hosted runners{% ifversion ghes or ghae %} available for customers using {% data variables.product.prodname_dotcom_the_website %}{% endif %}. The software that powers runner machines for {% data variables.product.prodname_actions %} is open source. For more information, see the [`actions/runner`](https://github.com/actions/runner) and [`actions/virtual-environments`](https://github.com/actions/virtual-environments) repositories.

translations/zh-CN/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md

@@ -80,7 +80,7 @@ topics:
 | `NameID`              | 是   | 持久用户标识符。 可以使用任意持久名称标识符格式。 {% ifversion ghec %}如果将企业与 {% data variables.product.prodname_emus %} 一起使用， {% endif %}{% data variables.product.product_name %} 将规范化 `NameID` 元素以用作用户名，除非提供了替代断言之一。 更多信息请参阅“[外部身份验证的用户名注意事项](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)”。 |
 | `SessionNotOnOrAfter` | 否   | {% data variables.product.product_name %} 使关联的会话失效的日期。 失效后，此人必须再次进行身份验证才能访问 {% ifversion ghec or ghae %}企业的资源{% elsif ghes %}{% data variables.product.product_location %}{% endif %}。 更多信息请参阅“[会话持续时间和超时](#session-duration-and-timeout)”。                                                                                                           |
 {%- ifversion ghes or ghae %}
-| `administrator` | 无|当值为 `true` 时，{% data variables.product.product_name %} 会自动将用户提升为 {% ifversion ghes %}站点管理员{% elsif ghae %}企业所有者{% endif %}。 Setting this attribute to anything but `true` will result in demotion, as long as the value is not blank. Omitting this attribute or leaving the value blank will not change the role of the user. | | `username` | 无 | {% data variables.product.product_location %} 的用户名。 |
+| `administrator` | 无|当值为 `true` 时，{% data variables.product.product_name %} 会自动将用户提升为 {% ifversion ghes %}站点管理员{% elsif ghae %}企业所有者{% endif %}。 将此属性设置为除 `true` 以外的任何值都将导致降级，只要该值不为空。 省略此属性或将值留空不会更改用户的角色。 | | `username` | 无 | {% data variables.product.product_location %} 的用户名。 |
 {%- endif %}
 | `full_name` |无| {% ifversion ghec %}如果为企业配置 SAML SSO 并使用 {% data variables.product.prodname_emus %}，则{% else %}{% endif %} 用户的全名显示在用户的个人资料页上。 | | `emails` | 无| 用户的电子邮件地址。{% ifversion ghes or ghae %} 您可以指定多个地址。{% endif %}{% ifversion ghec or ghes %} 如果在 {% data variables.product.prodname_ghe_server %} 和 {% data variables.product.prodname_ghe_cloud %} 之间同步许可证使用情况，{% data variables.product.prodname_github_connect %} 将使用 `emails` 跨产品识别唯一用户。 更多信息请参阅“[在 {% data variables.product.prodname_ghe_server %} 和 {% data variables.product.prodname_ghe_cloud %} 之间同步许可证使用情况](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)”。{% endif %} | | `public_keys` |无| {% ifversion ghec %}如果为企业配置 SAML SSO 并使用 {% data variables.product.prodname_emus %}，则为{% else %}{% endif %} 用户的公有 SSH 密钥。 您可以指定多个键。 | | `gpg_keys` |无| {% ifversion ghec %}如果为企业配置 SAML SSO 并使用 {% data variables.product.prodname_emus %}，则{% else %}{% endif %}为用户的 GPG 密钥。 您可以指定多个键。 |
 

translations/zh-CN/content/admin/index.md

@@ -64,7 +64,7 @@ redirect_from:
   - /insights/installing-and-configuring-github-insights/managing-data-in-github-insights/managing-repositories
   - /admin/configuration/configuring-your-enterprise/configuring-data-encryption-for-your-enterprise
 introLinks:
-  overview: '{% ifversion ghes %}/admin/overview/system-overview{% elsif ghae %}/admin/overview/about-github-ae{% elsif ghec %}/admin/overview/about-enterprise-accounts{% endif %}'
+  overview: '{% ifversion ghes %}/admin/overview/about-github-enterprise-server{% elsif ghae %}/admin/overview/about-github-ae{% elsif ghec %}/admin/overview/about-enterprise-accounts{% endif %}'
   Releases: '{% ifversion ghes %}/admin/all-releases{% endif %}'
 changelog:
   label: enterprise
@@ -79,7 +79,6 @@ featuredLinks:
     - '{% ifversion ghes %}/admin/overview/about-upgrades-to-new-releases{% endif %}'
     - '{% ifversion ghec %}/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise{% endif %}'
-    - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
   guideCards:
     - '{% ifversion ghes > 2.22 %} /admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server {% elsif ghes < 3.0 %} /admin/enterprise-management/upgrading-github-enterprise-server {% endif %}'
     - '{% ifversion ghes > 2.22 %} /admin/packages/getting-started-with-github-packages-for-your-enterprise {% elsif ghes < 3.0 %} /admin/user-management/customizing-user-messages-for-your-enterprise {% endif %}'
@@ -91,6 +90,7 @@ featuredLinks:
     - '{% ifversion ghec %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise{% endif %}'
   popular:
+    - /admin/overview/about-github-enterprise-server
     - '{% ifversion ghae %}/admin/release-notes{% endif %}'
     - '{% ifversion ghes %}/github/getting-started-with-github/setting-up-a-trial-of-github-enterprise-server{% endif %}'
     - '{% ifversion ghes %}/admin/installation{% endif %}'
@@ -99,12 +99,11 @@ featuredLinks:
     - '{% ifversion ghae %}/admin/overview/about-upgrades-to-new-releases{% endif %}'
     - '{% ifversion ghae %}/admin/configuration/configuring-your-enterprise/deploying-github-ae{% endif %}'
     - '{% ifversion ghes %}/billing/managing-your-license-for-github-enterprise{% endif %}'
-    - '{% ifversion ghes %}/admin/configuration/command-line-utilities{% endif %}'
+    - /admin/configuration/command-line-utilities
     - '{% ifversion ghec %}/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise{% endif %}'
     - '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks{% endif %}'
-    - '{% ifversion ghec %}/billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise{% endif %}'
-    - /admin/configuration/configuring-github-connect/managing-github-connect
+    - /billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise
     - /admin/enterprise-support/about-github-enterprise-support
   videos:
     - title: GitHub in the Enterprise – Maya Ross

translations/zh-CN/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md

@@ -1160,9 +1160,9 @@ Action                        | Description
 
 | Action | Description
 |--------|-------------
-| `repository_vulnerability_alert.create` | {% data variables.product.product_name %} created a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
-| `repository_vulnerability_alert.dismiss` | An organization owner or repository administrator dismissed a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency.
-| `repository_vulnerability_alert.resolve` | Someone with write access to a repository pushed changes to update and resolve a vulnerability in a project dependency.
+| `repository_vulnerability_alert.create` | {% data variables.product.product_name %} created a {% data variables.product.prodname_dependabot %} alert for a repository that uses an insecure dependency. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
+| `repository_vulnerability_alert.dismiss` | An organization owner or repository administrator dismissed a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}.
+| `repository_vulnerability_alert.resolve` | Someone with write access to a repository pushed changes to update and resolve a {% data variables.product.prodname_dependabot %} alert in a project dependency.
 {%- endif %}
 
 {%- ifversion fpt or ghec %}
@@ -1170,7 +1170,7 @@ Action                        | Description
 
 | Action | Description
 |--------|-------------
-| `repository_vulnerability_alerts.authorized_users_teams` | An organization owner or repository administrator updated the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in the repository. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
+| `repository_vulnerability_alerts.authorized_users_teams` | An organization owner or repository administrator updated the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 | `repository_vulnerability_alerts.disable` | A repository owner or repository administrator disabled {% data variables.product.prodname_dependabot_alerts %}.
 | `repository_vulnerability_alerts.enable` | A repository owner or repository administrator enabled {% data variables.product.prodname_dependabot_alerts %}.
 {%- endif %}
@@ -1227,6 +1227,13 @@ Action                        | Description
 | `secret_scanning_new_repos.enable` | An organization owner enabled secret scanning for all new{% ifversion ghec %} private or internal{% endif %} repositories.
 {%- endif %}
 
+{% ifversion secret-scanning-push-protection-bypasses %}
+## `secret_scanning_push_protection` category actions
+
+| Action | Description
+|--------|-------------
+| `bypass` | Triggered when a user bypasses the push protection on a secret detected by secret scanning. For more information, see "[Bypassing push protection for a secret](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)."{% endif %}
+
 {%- ifversion ghec or ghes or ghae %}
 ## `security_key` category actions
 

translations/zh-CN/content/admin/overview/about-github-ae.md

@@ -11,9 +11,9 @@ topics:
 
 ## 关于 {% data variables.product.prodname_ghe_managed %}
 
-{% data reusables.github-ae.github-ae-enables-you %} {% data variables.product.prodname_ghe_managed %} 受到完全管理、可靠和且可扩展的，允许您在不牺牲风险管理的情况下加速交付。
+{% data reusables.github-ae.github-ae-enables-you %} {% data variables.product.prodname_ghe_managed %} 是完全托管、可靠且可扩展的，使您能够加快交付速度，同时改善风险和合规性状况。
 
-{% data variables.product.prodname_ghe_managed %} 提供一个从想法到生产的开发者平台。 您可以使用团队了解和喜爱的工具提高开发速度，同时通过独特的安全和访问控制、工作流自动化及政策执行来维护行业和监管合规性。
+{% data variables.product.prodname_ghe_managed %} 提供一个从想法到生产的开发者平台。 您可以使用团队了解和喜爱的工具提高开发速度，同时通过安全和访问控制、工作流自动化及政策执行来维护行业和监管合规性。
 
 ## 高度可用的行星级云
 
@@ -21,11 +21,13 @@ topics:
 
 ## 数据存储
 
-您的所有数据都存储在您选择的地理区域内。 您可以遵守 GDRPR 和全球数据保护标准，将您的所有数据保存在您选定的区域。
+您的所有数据都存储在您选择的地理区域内。 您可以遵守 GDRPR 数据驻留要求和全球数据保护标准，将您的所有数据保存在您选定的区域。
 
 ## 隔离的帐户
 
-所有开发者帐户在 {% data variables.product.prodname_ghe_managed %} 中完全隔离。 您可以通过身份提供商完全控制帐户，以 SAML 单点登录作为强制性要求。 SCIM 可让您确保员工只能访问他们应该访问的资源，如您的中央身份管理系统中所定义。 更多信息请参阅“[管理企业的身份和访问](/admin/authentication/managing-identity-and-access-for-your-enterprise)”。
+默认情况下，{% data variables.product.product_name %} 上的所有开发人员帐户都与其他服务（包括 {% data variables.product.company_short %} 中的产品）完全隔离。 您可以通过身份提供商控制帐户，以 SAML 单点登录作为强制性要求。 SCIM 可让您确保员工只能访问他们应该访问的资源，如您的中央身份管理系统中所定义。 更多信息请参阅“[管理企业的身份和访问](/admin/authentication/managing-identity-and-access-for-your-enterprise)”。
+
+（可选）企业所有者可以在 {% data variables.product.product_name %} 和 {% data variables.product.prodname_dotcom_the_website %} 之间启用有限的集成。 更多信息请参阅“[关于 {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/about-github-connect)”。
 
 ## 受限制的网络访问
 

translations/zh-CN/content/admin/overview/about-github-enterprise-server.md

@@ -0,0 +1,99 @@
+---
+title: About GitHub Enterprise Server
+intro: '{% data variables.product.product_name %} is a software development platform that you can host in a private environment.'
+versions:
+  ghes: '*'
+type: overview
+topics:
+  - Enterprise
+  - Fundamentals
+---
+
+## 关于 {% data variables.product.product_name %}
+
+{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} Your team can use {% data variables.product.product_name %} to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with {% data variables.product.prodname_dotcom_the_website %} can onboard and contribute seamlessly using familiar features and workflows.
+
+{% data reusables.enterprise.ghes-runs-on-your-infrastructure %}
+
+{% data reusables.enterprise.github-distributes-ghes %} For more information, see "[System overview](/admin/overview/system-overview)."
+
+You can choose to deploy {% data variables.product.product_name %} on premises, or to a supported cloud environment.
+
+## Supported environments for deployment
+
+You can deploy {% data variables.product.product_name %} to a virtualization hypervisor within your on-premises datacenter, or to a public cloud service.
+
+{% data variables.product.company_short %} supports the following virtualization hypervisors for on-premises deployment.
+
+- Microsoft Hyper-V
+- OpenStack KVM
+- VMware ESXi
+
+{% data variables.product.company_short %} supports the following services for cloud deployment.
+
+- Amazon Web Services (AWS)
+- Google Cloud Platform (GCP)
+- Microsoft Azure
+
+更多信息请参阅“[设置 {% data variables.product.prodname_ghe_server %} 实例](/admin/installation/setting-up-a-github-enterprise-server-instance)”。
+
+## About releases and upgrades
+
+{% data reusables.enterprise.constantly-improving %} You are responsible for upgrades to your instance. For more information, see "[{% data variables.product.product_name %} releases](/admin/all-releases)."
+
+## About administration
+
+You can configure and monitor {% data variables.product.product_name %} via browser, administrative SSH access, and REST or GraphQL APIs. {% data variables.product.company_short %} has found that people with Linux administration experience are more successful with the deployment and maintainance of {% data variables.product.product_name %}.
+
+You can give certain employees administrative access to {% data variables.product.product_name %}, so they can set up external authentication, configure the instance to meet developer needs, and monitor the instance's activity and performance. To ensure compliance with business rules or regulatory restrictions, administrators can configure policies that control how people use {% data variables.product.product_location %}. 更多信息请参阅以下文章。
+
+- "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)"
+- "[Configuring your enterprise](/admin/configuration/configuring-your-enterprise)"
+- "[About the {% data variables.product.prodname_enterprise %} API](/admin/overview/about-the-github-enterprise-api)"
+- "[Monitoring your appliance](/admin/enterprise-management/monitoring-your-appliance)"
+- "[Monitoring activity in your enterprise](/admin/monitoring-activity-in-your-enterprise)"
+- "[About enterprise policies](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)"
+
+## About optional features
+
+You can configure optional features for {% data variables.product.product_name %} that improve the software development lifecycle for your enterprise.
+
+| 功能                                                           | 描述                                                                                                   | 更多信息                                                                                                                                                                        |
+|:------------------------------------------------------------ |:---------------------------------------------------------------------------------------------------- |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| {% data variables.product.prodname_actions %}                | Automate CI/CD and development workflows                                                             | "[关于企业的 {% data variables.product.prodname_actions %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)" |
+| {% data variables.product.prodname_github_connect %}       | Benefit from the power of {% data variables.product.prodname_dotcom_the_website %} in limited ways | "[关于 {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/about-github-connect)"                                         |
+| {% data variables.product.prodname_GH_advanced_security %} | Improve code security and quality                                                                    | "[关于 {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)"                                      |
+| {% data variables.product.prodname_registry %}               | Host software packages for your enterprise                                                           | "[Introduction to {% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages)"                                         |
+
+## About deployment topologies
+
+By default, {% data variables.product.product_name %} runs as a standalone instance. You can increase the reliability and performance of {% data variables.product.product_name %} by using a different topology for your deployment.
+
+- To mitigate the impact of system or network failures, you can deploy a passive replica instance. During an outage that affects your primary instance, you can manually fail over to the replica instance. 更多信息请参阅“[关于高可用性配置](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)”。
+- You can configure multiple active replicas to improve performance for developers who are geographically distant from your primary instance. 更多信息请参阅“[关于 Geo-replication](/admin/enterprise-management/configuring-high-availability/about-geo-replication)”。
+- Some enterprises with tens of thousands of developers may benefit from a cluster configuration that scales horizontally instead of vertically. 更多信息请参阅“[关于集群](/admin/enterprise-management/configuring-clustering/about-clustering)。”
+
+## About backups and disaster recovery
+
+To safeguard against data loss or service disruptions for your developers, {% data variables.product.company_short %} strongly recommends that you establish a plan for disaster recovery. You can back up your instance's configuration and user data by deploying and configuring a Linux or Unix host system with {% data variables.product.prodname_enterprise_backup_utilities %}. 更多信息请参阅“[在设备上配置备份](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)”。
+
+Additionally, you can configure a passive replica instance to fail over to in the event of a system or network failure. For more information, see "[About deployment](#about-deployment-topologies)."
+
+## About documentation
+
+Documentation for both administrators and users of {% data variables.product.product_name %} is available on this site, {% data variables.product.prodname_docs %}.
+
+- [企业管理员文档](/admin)
+- [User documentation](/)
+
+Different versions of {% data variables.product.product_name %} are reflected separately in the documentation on {% data variables.product.prodname_docs %}. 更多信息请参阅“[关于 {% data variables.product.prodname_docs %} 的版本](/get-started/learning-about-github/about-versions-of-github-docs)”。
+
+## Trying {% data variables.product.product_name %}
+
+You can sign up for a free, 45-day trial of {% data variables.product.product_name %}. 更多信息请参阅“[设置 {% data variables.product.prodname_ghe_server %} 的试用](/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server)”。
+
+## 延伸阅读
+
+- "[开始使用 {% data variables.product.product_name %}](/get-started/onboarding/getting-started-with-github-enterprise-server)"
+- “[关于 {% data variables.contact.github_support %}](/support/learning-about-github-support/about-github-support)”
+- `github/roadmap` 仓库中的 [ {% data variables.product.prodname_roadmap %} ]({% data variables.product.prodname_roadmap_link %})

translations/zh-CN/content/admin/overview/index.md

@@ -8,6 +8,7 @@ versions:
   ghes: '*'
   ghae: '*'
 children:
+  - /about-github-enterprise-server
   - /about-github-ae
   - /about-upgrades-to-new-releases
   - /about-data-residency

translations/zh-CN/content/admin/overview/system-overview.md

@@ -1,6 +1,6 @@
 ---
 title: 系统概述
-intro: '{% data variables.product.prodname_ghe_server %} 是包含在虚拟设备中属于您的组织的 {% data variables.product.prodname_dotcom %} 私有副本，此虚拟设备托管在您配置和控制的本地或云中。'
+intro: '详细了解 {% data variables.product.product_name %} 的系统内部、功能和安全性。'
 redirect_from:
   - /enterprise/admin/installation/system-overview
   - /enterprise/admin/overview/system-overview
@@ -15,53 +15,57 @@ topics:
   - Storage
 ---
 
+## 关于 {% data variables.product.product_name %}
+
+{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} {% data reusables.enterprise.github-distributes-ghes %} 更多信息请参阅“[关于 {% data variables.product.prodname_ghe_server %}](/admin/overview/about-github-enterprise-server)”。
+
 ## 存储架构
 
-{% data variables.product.prodname_ghe_server %} 需要两个存储卷，一个安装在*根文件系统*路径下 (`/`)，另一个安装在*用户文件系统*路径下 (`/data/user`)。 这种架构将运行软件环境与持久应用程序数据分离，从而可以简化升级、回滚和恢复程序。
+{% data variables.product.product_name %} 需要两个存储卷，一个安装在*根文件系统*路径下 (`/`)，另一个安装在*用户文件系统*路径下 (`/data/user`)。 这种架构将运行软件环境与持久应用程序数据分离，从而可以简化升级、回滚和恢复程序。
 
-根文件系统包含在分布式机器映像中。 它包含基本操作系统和 {% data variables.product.prodname_ghe_server %} 应用程序环境。 根文件系统应被视为临时性的。 升级到今后的 {% data variables.product.prodname_ghe_server %} 版本时，根文件系统中的所有数据都将被替代。
+根文件系统包含在分布式机器映像中。 它包含基本操作系统和 {% data variables.product.product_name %} 应用程序环境。 根文件系统应被视为临时性的。 升级到今后的 {% data variables.product.product_name %} 版本时，根文件系统中的所有数据都将被替代。
 
 根存储量分成两个相同大小的分区。 其中一个分区将被挂载为根文件系统 (`/`)。 另一个分区仅在升级和升级的回滚过程中作为 `/mnt/upgrade` 安装，以便在必要时更容易行回滚。 例如，如果分配了 200GB 根卷，將有 100GB 分配到根文件系统，100GB 用于升级和回滚。
 
-根文件系统包含：
-  - 自定义证书颁发机构 (CA) 证书（*/usr/local/share/ca-certificates* 中）
-  - 自定义网络配置
-  - 自定义防火墙配置
-  - 复制状态
+根文件系统包含存储以下信息的文件。 此列表并非详尽无遗。
 
-用户文件系统包含用户配置和数据，例如：
-  - Git 仓库
-  - 数据库
-  - 搜索索引
-  - 在 {% data variables.product.prodname_pages %} 站点上发布的内容
-  - {% data variables.large_files.product_name_long %} 中的大文件
-  - 预接收挂钩环境
+- 自定义证书颁发机构 (CA) 证书（`/usr/local/share/ca-certificates` 中）
+- 自定义网络配置
+- 自定义防火墙配置
+- 复制状态
 
-## 部署选项
+用户文件系统包含存储以下配置和数据的文件。 此列表并非详尽无遗。
 
-您可以将 {% data variables.product.prodname_ghe_server %} 部署为一个虚拟设备，也可采用高可用性配置。 更多信息请参阅“[配置 {% data variables.product.prodname_ghe_server %} 以实现高可用性](/admin/enterprise-management/configuring-high-availability)”。
+- Git 仓库
+- 数据库
+- 搜索索引
+- 在 {% data variables.product.prodname_pages %} 站点上发布的内容
+- {% data variables.large_files.product_name_long %} 中的大文件
+- 预接收挂钩环境
 
-某些拥有成千上万名开发者的组织还会从使用 {% data variables.product.prodname_ghe_server %} 集群中受益。 更多信息请参阅“[关于集群](/admin/enterprise-management/configuring-clustering/about-clustering)。”
+## 部署拓扑
+
+可以在各种拓扑（如高可用性对）中部署 {% data variables.product.product_name %}。 更多信息请参阅“[关于 {% data variables.product.prodname_ghe_server %}](/admin/overview/about-github-enterprise-server#about-deployment-topologies)”。
 
 ## 数据保留和数据中心冗余
 
-{% danger %}
+{% warning %}
 
-在生产环境中使用 {% data variables.product.prodname_ghe_server %} 之前，我们强烈建议您设置备份和灾难恢复计划。 更多信息请参阅“[在设备上配置备份](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)”。
+**警告**：在生产环境中使用 {% data variables.product.product_name %} 之前，我们强烈建议您设置备份和灾难恢复计划。
 
-{% enddanger %}
+{% endwarning %}
 
-{% data variables.product.prodname_ghe_server %} 支持通过 [{% data variables.product.prodname_enterprise_backup_utilities %}](https://github.com/github/backup-utils) 进行在线和增量备份。 您可以通过安全网络链接（SSH 管理端口）远距离为场外或地理上分散的存储生成增量快照。 在主数据中心发生灾难时，您可以在恢复时通过网络将快照恢复到新配置的设备中。
+{% data variables.product.product_name %} 支持通过 {% data variables.product.prodname_enterprise_backup_utilities %} 进行在线和增量备份。 您可以通过安全网络链接（SSH 管理端口）远距离为场外或地理上分散的存储生成增量快照。 在主数据中心发生灾难时，您可以在恢复时通过网络将快照恢复到新预配的实例中。
 
-除网络备份外，在设备处于离线或维护模式时，还支持用户存储卷的 AWS (EBS) 和 VMware 磁盘快照。 如果您的服务级别要求允许定期离线维护，可以将定期卷快照用作低成本、低复杂性的方案，代替通过 {% data variables.product.prodname_enterprise_backup_utilities %} 进行网络备份。
+除网络备份外，在实例处于离线或维护模式时，还支持用户存储卷的 AWS (EBS) 和 VMware 磁盘快照。 如果您的服务级别要求允许定期离线维护，可以将定期卷快照用作低成本、低复杂性的方案，代替通过 {% data variables.product.prodname_enterprise_backup_utilities %} 进行网络备份。
 
 更多信息请参阅“[在设备上配置备份](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)”。
 
 ## 安全
 
-{% data variables.product.prodname_ghe_server %} 是一个在基础设施上运行的虚拟设备，受您现有的信息安全控制（如防火墙、IAM、监控和 VPN）所管辖。 使用 {% data variables.product.prodname_ghe_server %} 可以帮助您避免因云解决方案而产生的管理合规问题。
+{% data reusables.enterprise.ghes-runs-on-your-infrastructure %}
 
-{% data variables.product.prodname_ghe_server %} 还包含额外的安全功能。
+{% data variables.product.product_name %} 还包含额外的安全功能。
 
 - [操作系统、软件和补丁](#operating-system-software-and-patches)
 - [网络安全性](#network-security)
@@ -74,33 +78,33 @@ topics:
 
 ### 操作系统、软件和补丁
 
-{% data variables.product.prodname_ghe_server %} 运行自定义的 Linux 操作系统，其中只包含必要的应用程序和服务。 {% data variables.product.prodname_dotcom %} 将管理设备核心操作系统的补丁作为其标准产品发布周期的一部分。 补丁可解决 {% data variables.product.prodname_dotcom %} 应用程序的功能、稳定性和非关键性安全问题。 {% data variables.product.prodname_dotcom %} 还根据需要在常规发布周期之外提供重要的安全补丁。
+{% data variables.product.product_name %} 运行自定义的 Linux 操作系统，其中只包含必要的应用程序和服务。 {% data variables.product.company_short %} 在其标准产品发布周期中分发实例核心操作系统的补丁。 补丁解决 {% data variables.product.product_name %} 的功能、稳定性和非关键性安全问题。 {% data variables.product.company_short %} 还根据需要在常规发布周期之外提供重要的安全补丁。
 
-{% data variables.product.prodname_ghe_server %} 作为一种设备提供，许多操作系统包与通常的 Debian 分发相比进行了修改。 因此，我们不支持修改基础操作系统（包括操作系统升级），与 [{% data variables.product.prodname_ghe_server %} 许可和支持协议](https://enterprise.github.com/license)第 11.3“除外条款”保持一致。
+{% data variables.product.product_name %} 作为一种设备提供，许多操作系统包与通常的 Debian 分发相比进行了修改。 因此，我们不支持修改基础操作系统（包括操作系统升级），与 [{% data variables.product.prodname_ghe_server %} 许可和支持协议](https://enterprise.github.com/license)第 11.3“除外条款”保持一致。
 
-目前，{% data variables.product.prodname_ghe_server %} 设备的基础是 Debian 9 (Stretch)，并接受 Debian 长期支持计划的支持。  计划在 Stretch 的 Debian LTS 期间结束前迁移到更新的基础操作系统。
+目前，{% data variables.product.product_name %} 的基本操作系统是 Debian 9 (Stretch)，它在 Debian 长期支持计划下获得支持。  计划在 Stretch 的 Debian LTS 期间结束前迁移到更新的基础操作系统。
 
-定期补丁更新发布在 {% data variables.product.prodname_ghe_server %} [发行](https://enterprise.github.com/releases)页面上，[发行说明](/admin/release-notes)页面提供详细信息。 这些补丁一般含有经过测试并且质量经过我们工程团队批准的上游供应商和项目安全补丁。 从上游更新发布到测试以及捆绑于即将发布的 {% data variables.product.prodname_ghe_server %} 补丁版本中时，可能稍有延迟。
+定期补丁更新发布在 {% data variables.product.product_name %} [发行](https://enterprise.github.com/releases)页面上，[发行说明](/admin/release-notes)页面提供详细信息。 这些补丁一般含有经过测试并且质量经过我们工程团队批准的上游供应商和项目安全补丁。 从上游更新发布到测试以及捆绑于即将发布的 {% data variables.product.product_name %} 补丁版本中时，可能稍有延迟。
 
 ### 网络安全性
 
-{% data variables.product.prodname_ghe_server %} 的内部防火墙限制对设备服务的网络访问。 网络上仅提供设备正常运行所需的服务。 更多信息请参阅“[网络端口](/admin/configuration/configuring-network-settings/network-ports)”。
+{% data variables.product.product_name %} 的内部防火墙限制对实例服务的网络访问。 网络上仅提供设备正常运行所需的服务。 更多信息请参阅“[网络端口](/admin/configuration/configuring-network-settings/network-ports)”。
 
 ### 应用程序安全性
 
-{% data variables.product.prodname_dotcom %} 的应用程序安全团队全时关注 {% data variables.product.prodname_dotcom %} 产品（包括 {% data variables.product.prodname_ghe_server %}）的漏洞评估、渗透测试和代码审查。 {% data variables.product.prodname_dotcom %} 还与外部安全公司签约，要求他们对 {% data variables.product.prodname_dotcom %} 产品定期进行安全性评估。
+{% data variables.product.company_short %} 的应用程序安全团队全时关注 {% data variables.product.company_short %} 产品（包括 {% data variables.product.product_name %}）的漏洞评估、渗透测试和代码审查。 {% data variables.product.company_short %} 还与外部安全公司签约，要求他们对 {% data variables.product.company_short %} 产品定期进行安全性评估。
 
 ### 外部服务和支持
 
-{% data variables.product.prodname_ghe_server %} 无需从网络访问外部服务也可以正常运行。 您可以选择集成外部服务，以提供电子邮件传送、外部监控和日志转发等功能。 更多信息请参阅“[配置电子邮件通知](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)”、“[设置外部监控](/admin/enterprise-management/monitoring-your-appliance/setting-up-external-monitoring)”和“[日志转发](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)”。
+{% data variables.product.product_name %} 无需从网络访问外部服务也可以正常运行。 您可以选择集成外部服务，以提供电子邮件传送、外部监控和日志转发等功能。 更多信息请参阅“[配置电子邮件通知](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)”、“[设置外部监控](/admin/enterprise-management/monitoring-your-appliance/setting-up-external-monitoring)”和“[日志转发](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)”。
 
 您可以手动收集故障排除数据并发送至 {% data variables.contact.github_support %}。 更多信息请参阅“[将数据提供给 {% data variables.contact.github_support %}](/support/contacting-github-support/providing-data-to-github-support)”。
 
 ### 加密通信
 
-{% data variables.product.prodname_dotcom %} 将 {% data variables.product.prodname_ghe_server %} 设计为在公司防火墙后面运行。 为确保线路通信安全，我们建议您启用传输层安全协议 (TLS)。 {% data variables.product.prodname_ghe_server %} 在 HTTPS 流量方面支持 2048 位和更高的商业 TLS 证书。 更多信息请参阅“[配置 TLS](/admin/configuration/configuring-network-settings/configuring-tls)”。
+{% data variables.product.company_short %} 将 {% data variables.product.product_name %} 设计为在公司防火墙后面运行。 为确保线路通信安全，我们建议您启用传输层安全协议 (TLS)。 {% data variables.product.product_name %} 在 HTTPS 流量方面支持 2048 位和更高的商业 TLS 证书。 更多信息请参阅“[配置 TLS](/admin/configuration/configuring-network-settings/configuring-tls)”。
 
-默认情况下，该设备还为使用 Git 的仓库访问和管理目的提供安全 Shell (SSH) 访问。 更多信息请参阅“[关于 SSH](/authentication/connecting-to-github-with-ssh/about-ssh)”和“[访问管理 shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)“。
+默认情况下，实例还为使用 Git 的仓库访问和管理目的提供安全 Shell (SSH) 访问。 更多信息请参阅“[关于 SSH](/authentication/connecting-to-github-with-ssh/about-ssh)”和“[访问管理 shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)“。
 
 {% ifversion ghes > 3.3 %}
 
@@ -110,17 +114,17 @@ topics:
 
 ### 用户和访问权限
 
-{% data variables.product.prodname_ghe_server %} 提供三种类型的帐户。
+{% data variables.product.product_name %} 提供三种类型的帐户。
 
 - `管理员` Linux 用户帐户已控制对基础操作系统的访问，包括对直接文件系统和数据库的访问。 一小部分受信任的管理员应该有权访问此帐户，他们可以通过 SSH 访问。 更多信息请参阅“[访问管理 shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)。”
-- 设备 Web 应用程序中的用户帐户对自己的数据以及其他用户或组织明确授予权限的任何数据具有完全访问权限。
-- 设备 Web 应用程序中的站点管理员是可以管理高级 Web 应用程序和设备设置、用户和组织帐户设置以及仓库数据的用户帐户。
+- 实例 Web 应用程序中的用户帐户对自己的数据以及其他用户或组织明确授予权限的任何数据具有完全访问权限。
+- 实例 Web 应用程序中的站点管理员是可以管理高级 Web 应用程序和实例设置、用户和组织帐户设置以及仓库数据的用户帐户。
 
-关于 {% data variables.product.prodname_ghe_server %} 用户权限的更多信息，请参阅“[GitHub 上的访问权限](/get-started/learning-about-github/access-permissions-on-github) ”。
+关于 {% data variables.product.product_name %} 用户权限的更多信息，请参阅“[{% data variables.product.prodname_dotcom %} 上的访问权限](/get-started/learning-about-github/access-permissions-on-github)”。
 
 ### 身份验证
 
-{% data variables.product.prodname_ghe_server %} 提供四种身份验证方法。
+{% data variables.product.product_name %} 提供四种身份验证方法。
 
 - SSH 公钥身份验证提供使用 Git 的仓库访问权限和管理 shell 的访问权限。 更多信息请参阅“[关于 SSH](/authentication/connecting-to-github-with-ssh/about-ssh)”和“[访问管理 shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)“。
 - 使用 HTTP cookie 的用户名和密码身份验证提供 Web 应用程序访问和会话管理权限，可选择双重身份验证 (2FA)。 更多信息请参阅“[使用内置身份验证](/admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-built-in-authentication)”。
@@ -129,7 +133,7 @@ topics:
 
 ### 审核和访问日志记录
 
-{% data variables.product.prodname_ghe_server %} 存储传统的操作系统日志和应用程序日志。 应用程序还会编写详细的审核和安全日志，永久存储在 {% data variables.product.prodname_ghe_server %} 上。 您可以通过 `syslog-ng` 协议将两种类型的日志实时转发到多个目标。 更多信息请参阅“[日志转发](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)。”
+{% data variables.product.product_name %} 存储传统的操作系统日志和应用程序日志。 应用程序还会编写详细的审核和安全日志，永久存储在 {% data variables.product.product_name %} 上。 您可以通过 `syslog-ng` 协议将两种类型的日志实时转发到多个目标。 更多信息请参阅“[关于企业的审核日志](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)”和“[日志转发](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)”。
 
 访问和审核日志包括如下信息。
 
@@ -146,11 +150,12 @@ topics:
 - 仓库推送事件、访问授权、转让和重命名
 - 组织成员变更，包括团队创建和删除
 
-## {% data variables.product.prodname_ghe_server %} 的开源依赖项
+## {% data variables.product.product_name %} 的开源依赖项
 
-要查看您的设备 {% data variables.product.prodname_ghe_server %} 版本中依赖项的完整列表以及每个项目的许可，请访问 `http(s)://HOSTNAME/site/credits`。
+要查看您的实例 {% data variables.product.product_name %} 版本中依赖项的完整列表以及每个项目的许可，请访问 `http(s)://HOSTNAME/site/credits`。
+
+您的实例上提供包含依赖项和关联元数据完整列表的 tarball：
 
-您的设备上提供包含依赖项和关联元数据完整列表的 tarball：
 - 要查看所有平台通用的依赖项，请访问 `/usr/local/share/enterprise/dependencies-<GHE version>-base.tar.gz`
 - 要查看平台特有的依赖项，请访问 `/usr/local/share/enterprise/dependencies-<GHE version>-<platform>.tar.gz`
 
@@ -160,4 +165,3 @@ topics:
 
 - “[设置 {% data variables.product.prodname_ghe_server %} 的试用版](/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server)”
 - “[设置 {% data variables.product.prodname_ghe_server %} 实例](/admin/installation/setting-up-a-github-enterprise-server-instance)”
-- `github/roadmap` 仓库中的 [ {% data variables.product.prodname_roadmap %} ]({% data variables.product.prodname_roadmap_link %})

translations/zh-CN/content/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md

@@ -12,12 +12,6 @@ topics:
 shortTitle: 管理您的组织角色
 ---
 
-{% note %}
-
-**注意：** 企业所有者在企业拥有的组织中管理其角色的能力处于测试阶段，可能会发生变化。
-
-{% endnote %}
-
 ## 关于角色管理
 
 您可以选择以成员或组织所有者的身份加入企业拥有的组织，更改您在组织中的角色或离开组织。

translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users.md

@@ -57,4 +57,12 @@ topics:
 {% data reusables.enterprise-accounts.enterprise-accounts-compliance-tab %}
 1. 要将休眠用户（测试版）报告下载为 CSV 文件，请在“Other（其他）”下点击 {% octicon "download" aria-label="The Download icon" %} **Download（下载）**。 ![Compliance（合规）页面上"Other（其他）"下的 Download（下载）按钮](/assets/images/help/business-accounts/dormant-users-download-button.png)
 
+{% tip %}
+
+**提示：** 为了评估用户休眠，用户活动的范围仅限于与与企业关联的组织、存储库或登录事件关联的用户活动。 例如，如果用户最近在与企业无关的公共存储库中对某个议题进行了评论，则可能会将其视为休眠状态。 但是，如果他们最近在与企业中的组织关联的公共存储库中对某个议题进行了评论，则不会将其视为休眠状态，也不会出现在“休眠用户”报告中。
+
+对于 Web 登录事件，只有通过与企业关联的 SSO 域进行的登录事件才被视为与企业关联的用户活动。
+
+{% endtip %}
+
 {% endif %}

translations/zh-CN/content/admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md

@@ -10,12 +10,6 @@ topics:
 shortTitle: 删除成员
 ---
 
-{% note %}
-
-**注意：** 删除企业成员的功能处于测试阶段，可能会发生更改。
-
-{% endnote %}
-
 ## 关于删除企业成员
 
 从企业中删除企业成员时，该成员将从企业拥有的所有组织中删除。

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: About Dependabot alerts
-intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect vulnerabilities affecting your repository.'
+intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect that your repository uses a vulnerable dependency{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}.'
 redirect_from:
   - /articles/about-security-alerts-for-vulnerable-dependencies
   - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies
@@ -23,20 +23,26 @@ shortTitle: Dependabot alerts
 ---
 <!--Marketing-LINK: From /features/security/software-supply-chain page "About alerts for vulnerable dependencies ".-->
 
-## About vulnerable dependencies
+## About {% data variables.product.prodname_dependabot_alerts %}
 
-{% data reusables.repositories.a-vulnerability-is %}
+{% ifversion GH-advisory-db-supports-malware %}
+{% data reusables.advisory-database.beta-malware-advisories %}
+{% endif %}
 
-When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.
+{% data variables.product.prodname_dependabot_alerts %} tell you that your code depends on a package that is insecure.
 
-## Detection of vulnerable dependencies
+If your code depends on a package with a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible.{% ifversion GH-advisory-db-supports-malware %} If your code uses malware, you need to replace the package with a secure alternative.{% endif %}
+
+{% data reusables.security-advisory.link-browsing-advisory-db %}
+
+## Detection of insecure dependencies
 
 {% data reusables.dependabot.dependabot-alerts-beta %}
 
-{% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when:
+{% data variables.product.prodname_dependabot %} performs a scan to detect insecure dependencies, and sends {% data variables.product.prodname_dependabot_alerts %} when:
 
 {% ifversion fpt or ghec %}
-- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)" and "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)."{% else %}
+- A new advisory is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security advisories in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)."{% else %}
 - New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
   {% note %}
 
@@ -47,28 +53,28 @@ When your code depends on a package that has a security vulnerability, this vuln
 
 {% data reusables.repositories.dependency-review %}
 
-For a list of the ecosystems that {% data variables.product.product_name %} can detect vulnerabilities and dependencies for, see "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
+For a list of the ecosystems that {% data variables.product.product_name %} detects insecure dependencies in, see "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
 
 {% note %}
 
-**Note:** It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for vulnerable dependencies that you use. You may also get alerts for dependencies that you no longer use.
+**Note:** It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for insecure dependencies that you use. You may also get alerts for dependencies that you no longer use.
 
 {% endnote %}
 
-##  {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies
+##  Configuration of {% data variables.product.prodname_dependabot_alerts %}
 
 {% data reusables.repositories.enable-security-alerts %}
 
-{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detects vulnerable dependencies in _public_ repositories and displays the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %} for public repositories. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
+{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detects vulnerable dependencies and malware in _public_ repositories and displays the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %} for public repositories. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
 
 You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see "[Configuring {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."
 
 For information about access requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#access-requirements-for-security-features)."
 
-{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any vulnerable dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)."
+{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any insecure dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)."
 {% endif %}
 
-When {% data variables.product.product_name %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)."
+When {% data variables.product.product_name %} identifies a vulnerable dependency{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
 
 {% ifversion fpt or ghec or ghes > 3.2 %}
 For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
@@ -76,25 +82,25 @@ For repositories where {% data variables.product.prodname_dependabot_security_up
 
 {% warning %}
 
-**Note**: {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. Though we are always trying to update our vulnerability database and generate alerts with our most up-to-date information, we will not be able to catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough vulnerability review when necessary.
+**Note**: {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities{% ifversion GH-advisory-db-supports-malware %} and malware{% endif %}. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary.
 
 {% endwarning %}
 
 ## Access to  {% data variables.product.prodname_dependabot_alerts %}
 
-You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."
+You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)."
 
-By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working with repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
+By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working with repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 {% endif %}
 
 {% data reusables.notifications.vulnerable-dependency-notification-enable %}
-{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)."
+{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} For more information, see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
 
-You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular vulnerability in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
+You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular advisory in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
 
 {% ifversion fpt or ghec or ghes > 3.2 %}
 ## Further reading
 
 - "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"
-- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %}
+- "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"{% endif %}
 {% ifversion fpt or ghec %}- "[Privacy on {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %}

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database.md

@@ -0,0 +1,141 @@
+---
+title: Browsing security advisories in the GitHub Advisory Database
+intro: 'You can browse the {% data variables.product.prodname_advisory_database %} to find advisories for security risks in open source projects that are hosted on {% data variables.product.company_short %}.'
+shortTitle: 浏览公告数据库
+miniTocMaxHeadingLevel: 3
+redirect_from:
+  - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database
+versions:
+  fpt: '*'
+  ghec: '*'
+type: how_to
+topics:
+  - Security advisories
+  - Alerts
+  - Dependabot
+  - Vulnerabilities
+  - CVEs
+---
+
+<!--Marketing-LINK: From /features/security/software-supply-chain page "Browsing security vulnerabilities in the GitHub Advisory Database".-->
+
+## 关于 {% data variables.product.prodname_advisory_database %}
+
+The {% data variables.product.prodname_advisory_database %} contains a list of known security vulnerabilities and malware, grouped in two categories: {% data variables.product.company_short %}-reviewed advisories and unreviewed advisories.
+
+{% data reusables.repositories.tracks-vulnerabilities %}
+
+## About types of security advisories
+
+{% data reusables.advisory-database.beta-malware-advisories %}
+
+Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects or for malicious open source software.
+
+{% data reusables.repositories.a-vulnerability-is %} Vulnerabilities in code are usually introduced by accident and fixed soon after they are discovered. You should update your code to use the fixed version of the dependency as soon as it is available.
+
+In contrast, malicious software, or malware, is code that is intentionally designed to perform unwanted or harmful functions. The malware may target hardware, software, confidential data, or users of any application that uses the malware. You need to remove the malware from your project and find an alternative, more secure replacement for the dependency.
+
+### {% data variables.product.company_short %}-reviewed advisories
+
+{% data variables.product.company_short %}-reviewed advisories are security vulnerabilities or malware that have been mapped to packages in ecosystems we support. We carefully review each advisory for validity and ensure that they have a full description, and contain both ecosystem and package information.
+
+Generally, we name our supported ecosystems after the software programming language's associated package registry. We review advisories if they are for a vulnerability in a package that comes from a supported registry.
+
+- Composer (registry: https://packagist.org/)
+- Go (registry: https://pkg.go.dev/)
+- Maven (registry: https://repo1.maven.org/maven2/org/)
+- npm (registry: https://www.npmjs.com/)
+- NuGet (registry: https://www.nuget.org/)
+- pip (registry: https://pypi.org/)
+- RubyGems (registry: https://rubygems.org/)
+- Rust (registry: https://crates.io/)
+
+If you have a suggestion for a new ecosystem we should support, please open an [issue](https://github.com/github/advisory-database/issues) for discussion.
+
+If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory reports a vulnerability or malware for a package you depend on. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)”。
+
+### Unreviewed advisories
+
+未审核的公告是我们直接从国家漏洞数据库源自动发布到 {% data variables.product.prodname_advisory_database %} 的安全漏洞。
+
+{% data variables.product.prodname_dependabot %} 不会为未审核的公告创建 {% data variables.product.prodname_dependabot_alerts %}，因为不会检查此类公告的有效性或完成情况。
+
+## About information in security advisories
+
+Each security advisory contains information about the vulnerability or malware, which may include the description, severity, affected package, package ecosystem, affected versions and patched versions, impact, and optional information such as references, workarounds, and credits. 此外，国家漏洞数据库列表中的公告包含 CVE 记录链接，通过链接可以查看漏洞、其 CVSS 得分及其质化严重等级的更多详细信息。 更多信息请参阅国家标准和技术研究所 (National Institute of Standards and Technology) 的“[国家漏洞数据库](https://nvd.nist.gov/)”。
+
+我们在[常见漏洞评分系统 (CVSS) 第 5 节](https://www.first.org/cvss/specification-document)中定义了以下四种可能的严重性等级。
+- 低
+- 中
+- 高
+- 关键
+
+{% data variables.product.prodname_advisory_database %} 使用上述 CVSS 级别。 如果 {% data variables.product.company_short %} 获取 CVE，{% data variables.product.prodname_advisory_database %} 将使用 CVSS 版本 3.1。 如果 CVE 是导入的，则 {% data variables.product.prodname_advisory_database %} 支持 CVSS 版本 3.0 和 3.1。
+
+{% data reusables.repositories.github-security-lab %}
+
+## 访问 {% data variables.product.prodname_advisory_database %} 中的通告
+
+1. 导航到 https://github.com/advisories。
+2. （可选）要过滤列表，请使用任意下拉菜单。 ![下拉过滤器](/assets/images/help/security/advisory-database-dropdown-filters.png)
+   {% tip %}
+
+   **提示：**您可以使用左侧的边栏分别浏览  {% data variables.product.company_short %} 已审核和未审核的公告。
+
+   {% endtip %}
+3. 单击任何通告以查看详情。 By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. To show malware advisories, use `type:malware` in the search bar.
+
+
+{% note %}
+
+也可以使用 GraphQL API 访问数据库。 By default, queries will return {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities unless you specify `type:malware`. 更多信息请参阅“[`security_advisory` web 挂钩事件](/webhooks/event-payloads/#security_advisory)”。
+
+{% endnote %}
+
+## 在 {% data variables.product.prodname_advisory_database %} 中编辑公告
+您可以对 {% data variables.product.prodname_advisory_database %} 中的任何公告提出改进建议。 更多信息请参阅“[编辑 {% data variables.product.prodname_advisory_database %} 中的安全通告](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)”。
+
+## 搜索 {% data variables.product.prodname_advisory_database %}
+
+您可以搜索数据库，并使用限定符缩小搜索范围。 例如，您可以搜索在特定日期、特定生态系统或特定库中创建的通告。
+
+{% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %}
+
+{% data reusables.search.date_gt_lt %}
+
+| 限定符                   | 示例                                                                                                                                                                              |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `type:reviewed`       | [**type:reviewed**](https://github.com/advisories?query=type%3Areviewed) will show {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. |
+| `type:malware`        | [**type:malware**](https://github.com/advisories?query=type%3Amalware) will show {% data variables.product.company_short %}-reviewed advisories for malware.                    |
+| `type:unreviewed`     | [**type:unreviewed**](https://github.com/advisories?query=type%3Aunreviewed) 将显示未审核的公告。                                                                                         |
+| `GHSA-ID`             | [**GHSA-49wp-qq6x-g2rf**](https://github.com/advisories?query=GHSA-49wp-qq6x-g2rf) 将显示使用此 {% data variables.product.prodname_advisory_database %} ID 的通告。                     |
+| `CVE-ID`              | [**CVE-2020-28482**](https://github.com/advisories?query=CVE-2020-28482) 将显示使用此 CVE ID 号的通告。                                                                                    |
+| `ecosystem:ECOSYSTEM` | [**ecosystem:npm**](https://github.com/advisories?utf8=%E2%9C%93&query=ecosystem%3Anpm) 只显示影响 NPM 包的通告。                                                                         |
+| `severity:LEVEL`      | [**severity:high**](https://github.com/advisories?utf8=%E2%9C%93&query=severity%3Ahigh) 只显示严重程度高的公告。                                                                            |
+| `affects:LIBRARY`     | [**affects:lodash**](https://github.com/advisories?utf8=%E2%9C%93&query=affects%3Alodash) 只显示影响 lodash 库的通告。                                                                    |
+| `cwe:ID`              | [**cwe:352**](https://github.com/advisories?query=cwe%3A352) 将只显示使用此 CWE 编号的通告。                                                                                                 |
+| `credit:USERNAME`     | [**credit:octocat**](https://github.com/advisories?query=credit%3Aoctocat) 将只显示计入“octocat”用户帐户的通告。                                                                              |
+| `sort:created-asc`    | [**sort:created-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-asc) 按照时间顺序对通告排序，最早的通告排在最前面。                                                           |
+| `sort:created-desc`   | [**sort:created-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-desc) 按照时间顺序对通告排序，最新的通告排在最前面。                                                         |
+| `sort:updated-asc`    | [**sort:updated-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-asc) 按照更新顺序排序，最早更新的排在最前面。                                                              |
+| `sort:updated-desc`   | [**sort:updated-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-desc) 按照更新顺序排序，最近更新的排在最前面。                                                            |
+| `is:withdrawn`        | [**is:withdrawn**](https://github.com/advisories?utf8=%E2%9C%93&query=is%3Awithdrawn) 只显示已经撤销的通告。                                                                               |
+| `created:YYYY-MM-DD`  | [**created:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=created%3A2021-01-13) 只显示此日期创建的通告。                                                                  |
+| `updated:YYYY-MM-DD`  | [**updated:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=updated%3A2021-01-13) 只显示此日期更新的通告。                                                                  |
+
+## 查看有漏洞的仓库
+
+For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability or malware. 要查看有漏洞的仓库，您必须有权访问该仓库的 {% data variables.product.prodname_dependabot_alerts %}。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)”。
+
+1. 导航到 https://github.com/advisories。
+2. 单击通告。
+3. 在通告页面的顶部，单击 **Dependabot alerts（Dependabot 警报）**。 ![Dependabot 警报](/assets/images/help/security/advisory-database-dependabot-alerts.png)
+4. （可选）要过滤列表，请使用搜索栏或下拉菜单。 “Organization（组织）”下拉菜单用于按所有者（组织或用户）过滤 {% data variables.product.prodname_dependabot_alerts %}。 ![用于过滤警报的搜索栏和下拉菜单](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png)
+5. For more details about the advisory, and for advice on how to fix the vulnerable repository, click the repository name.
+
+## 延伸阅读
+
+- MITRE 的[“漏洞”定义](https://www.cve.org/ResourcesSupport/Glossary#vulnerability)

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md

@@ -1,123 +0,0 @@
----
-title: Browsing security vulnerabilities in the GitHub Advisory Database
-intro: 'The {% data variables.product.prodname_advisory_database %} allows you to browse or search for vulnerabilities that affect open source projects  on {% data variables.product.company_short %}.'
-shortTitle: Browse Advisory Database
-miniTocMaxHeadingLevel: 3
-redirect_from:
-  - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database
-  - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database
-  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
-versions:
-  fpt: '*'
-  ghec: '*'
-type: how_to
-topics:
-  - Security advisories
-  - Alerts
-  - Dependabot
-  - Vulnerabilities
-  - CVEs
----
-<!--Marketing-LINK: From /features/security/software-supply-chain page "Browsing security vulnerabilities in the GitHub Advisory Database".-->
-
-## About security vulnerabilities
-
-{% data reusables.repositories.a-vulnerability-is %}
-
-## About the {% data variables.product.prodname_advisory_database %}
-
-The {% data variables.product.prodname_advisory_database %} contains a list of known security vulnerabilities, grouped in two categories: {% data variables.product.company_short %}-reviewed advisories and unreviewed advisories.
-
-{% data reusables.repositories.tracks-vulnerabilities %}
-
-### About {% data variables.product.company_short %}-reviewed advisories
-
-{% data variables.product.company_short %}-reviewed advisories are security vulnerabilities that have been mapped to packages tracked by the {% data variables.product.company_short %} dependency graph.
-
-We carefully review each advisory for validity. Each {% data variables.product.company_short %}-reviewed advisory has a full description, and contains both ecosystem and package information.
-
-If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory affects packages you depend on. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
-
-### About unreviewed advisories
-
-Unreviewed advisories are security vulnerabilites that we publish automatically into the {% data variables.product.prodname_advisory_database %}, directly from the National Vulnerability Database feed. 
-
-{% data variables.product.prodname_dependabot %} doesn't create {% data variables.product.prodname_dependabot_alerts %} for unreviewed advisories as this type of advisory isn't checked for validity or completion.
-
-## About security advisories
-
-Each security advisory contains information about the vulnerability, which may include the description, severity, affected package, package ecosystem, affected versions and patched versions, impact, and optional information such as references, workarounds, and credits. In addition, advisories from the National Vulnerability Database list contain a link to the CVE record, where you can read more details about the vulnerability, its CVSS scores, and its qualitative severity level. For more information, see the "[National Vulnerability Database](https://nvd.nist.gov/)" from the National Institute of Standards and Technology.
-
-The severity level is one of four possible levels defined in the "[Common Vulnerability Scoring System (CVSS), Section 5](https://www.first.org/cvss/specification-document)."
-- Low
-- Medium/Moderate
-- High
-- Critical
-
-The {% data variables.product.prodname_advisory_database %} uses the CVSS levels described above. If {% data variables.product.company_short %} obtains a CVE, the {% data variables.product.prodname_advisory_database %} uses CVSS version 3.1. If the CVE is imported, the {% data variables.product.prodname_advisory_database %} supports both CVSS versions 3.0 and 3.1.
-
-{% data reusables.repositories.github-security-lab %}
-
-## Accessing an advisory in the {% data variables.product.prodname_advisory_database %}
-
-1. Navigate to https://github.com/advisories.
-2. Optionally, to filter the list, use any of the drop-down menus.
-  ![Dropdown filters](/assets/images/help/security/advisory-database-dropdown-filters.png)
-   {% tip %}
-
-   **Tip:** You can use the sidebar on the left to explore  {% data variables.product.company_short %}-reviewed and unreviewed advisories separately.
-
-   {% endtip %}
-3. Click on any advisory to view details.
-
-{% note %}
-
-The database is also accessible using the GraphQL API. For more information, see the "[`security_advisory` webhook event](/webhooks/event-payloads/#security_advisory)."
-
-{% endnote %}
-
-## Editing an advisory in the {% data variables.product.prodname_advisory_database %}
-You can suggest improvements to any advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[Editing security advisories in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)."
-
-## Searching the {% data variables.product.prodname_advisory_database %}
-
-You can search the database, and use qualifiers to narrow your search. For example, you can search for advisories created on a certain date, in a specific ecosystem, or in a particular library.
-
-{% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %}
-
-{% data reusables.search.date_gt_lt %}
-
-| Qualifier  | Example |
-| ------------- | ------------- |
-| `type:reviewed`| [**type:reviewed**](https://github.com/advisories?query=type%3Areviewed) will show {% data variables.product.company_short %}-reviewed advisories. |
-| `type:unreviewed`| [**type:unreviewed**](https://github.com/advisories?query=type%3Aunreviewed) will show unreviewed advisories. |
-| `GHSA-ID`| [**GHSA-49wp-qq6x-g2rf**](https://github.com/advisories?query=GHSA-49wp-qq6x-g2rf) will show the advisory with this {% data variables.product.prodname_advisory_database %} ID. |
-| `CVE-ID`| [**CVE-2020-28482**](https://github.com/advisories?query=CVE-2020-28482) will show the advisory with this CVE ID number. |
-| `ecosystem:ECOSYSTEM`| [**ecosystem:npm**](https://github.com/advisories?utf8=%E2%9C%93&query=ecosystem%3Anpm) will show only advisories affecting NPM packages. |
-| `severity:LEVEL`| [**severity:high**](https://github.com/advisories?utf8=%E2%9C%93&query=severity%3Ahigh) will show only advisories with a high severity level. |
-| `affects:LIBRARY`| [**affects:lodash**](https://github.com/advisories?utf8=%E2%9C%93&query=affects%3Alodash) will show only advisories affecting the lodash library. |
-| `cwe:ID`| [**cwe:352**](https://github.com/advisories?query=cwe%3A352) will show only advisories with this CWE number. |
-| `credit:USERNAME`| [**credit:octocat**](https://github.com/advisories?query=credit%3Aoctocat) will show only advisories credited to the "octocat" user account. |
-| `sort:created-asc`| [**sort:created-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-asc) will sort by the oldest advisories first. |
-| `sort:created-desc`| [**sort:created-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-desc) will sort by the newest advisories first. |
-| `sort:updated-asc`| [**sort:updated-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-asc) will sort by the least recently updated first. |
-| `sort:updated-desc`| [**sort:updated-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-desc) will sort by the most recently updated first. |
-| `is:withdrawn`| [**is:withdrawn**](https://github.com/advisories?utf8=%E2%9C%93&query=is%3Awithdrawn) will show only advisories that have been withdrawn. |
-| `created:YYYY-MM-DD`| [**created:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=created%3A2021-01-13) will show only advisories created on this date. |
-| `updated:YYYY-MM-DD`| [**updated:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=updated%3A2021-01-13) will show only advisories updated on this date. |
-
-## Viewing your vulnerable repositories
-
-For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)."
-
-1. Navigate to https://github.com/advisories.
-2. Click an advisory.
-3. At the top of the advisory page, click **Dependabot alerts**.
-   ![Dependabot alerts](/assets/images/help/security/advisory-database-dependabot-alerts.png)
-4. Optionally, to filter the list, use the search bar or the drop-down menus. The "Organization" drop-down menu allows you to filter the {% data variables.product.prodname_dependabot_alerts %} per owner (organization or user).
-   ![Search bar and drop-down menus to filter alerts](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png)
-5. For more details about the vulnerability, and for advice on how to fix the vulnerable repository, click the repository name.
-
-## Further reading
-
-- MITRE's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability)

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: 配置 Dependabot 警报
-intro: '启用 {% data variables.product.prodname_dependabot_alerts %}，以便在其中一个依赖项中发现新漏洞时收到通知。'
+intro: 'Enable {% data variables.product.prodname_dependabot_alerts %} to be generated when a new vulnerable dependency {% ifversion GH-advisory-db-supports-malware %}or malware {% endif %}is found in one of your repositories.'
 shortTitle: 配置 Dependabot 警报
 versions:
   fpt: '*'
@@ -17,11 +17,11 @@ topics:
   - Repositories
 ---
 
-## 关于有漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}
+## About {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and malware{% endif %}
 
 {% data reusables.repositories.a-vulnerability-is %}
 
-Dependabot 执行扫描以检测有漏洞的依赖项，并在将新漏洞添加到 GitHub Advisory 数据库或存储库更改的依赖关系图时发送 Dependabot 警报。 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)”。
+{% data variables.product.prodname_dependabot %} scans code when a new advisory is added to the {% data variables.product.prodname_advisory_database %} or the dependency graph for a repository changes. When vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} are detected, {% data variables.product.prodname_dependabot_alerts %} are generated. 更多信息请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %} 警报](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)”。
 
 您可以对以下项启用或禁用 {% data variables.product.prodname_dependabot_alerts %}：
 * 您的个人帐户
@@ -59,7 +59,7 @@ Dependabot 执行扫描以检测有漏洞的依赖项，并在将新漏洞添加
 
 {% ifversion fpt or ghec %}您可以管理公共、私有或内部存储库的 {% data variables.product.prodname_dependabot_alerts %}。
 
-默认情况下，我们会向受影响仓库中具有管理员权限的人员通知有关新的 {% data variables.product.prodname_dependabot_alerts %}。 {% data variables.product.product_name %} 从不公开披露在任何仓库中发现的漏洞。 您也可以将 {% data variables.product.prodname_dependabot_alerts %} 设为对操作您拥有或具有管理员权限的仓库的其他人或团队可见。
+默认情况下，我们会向受影响仓库中具有管理员权限的人员通知有关新的 {% data variables.product.prodname_dependabot_alerts %}。 {% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. 您也可以将 {% data variables.product.prodname_dependabot_alerts %} 设为对操作您拥有或具有管理员权限的仓库的其他人或团队可见。
 
 {% data reusables.security.security-and-analysis-features-enable-read-only %}
 

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md

@@ -21,14 +21,12 @@ topics:
   - Repositories
 ---
 
-<!--For this article in earlier GHES versions, see /content/github/managing-security-vulnerabilities-->
+## About notifications for {% data variables.product.prodname_dependabot_alerts %}
 
-## 关于有漏洞依赖项的通知
-
-当 {% data variables.product.prodname_dependabot %} 在您的仓库中检测到有漏洞依赖项时，我们将生成 {% data variables.product.prodname_dependabot %} 警报，并将其显示在仓库的“Security（安全）”选项卡中。 {% data variables.product.product_name %} 根据通知首选项将新警报通知受影响仓库的维护员。{% ifversion fpt or ghec %} {% data variables.product.prodname_dependabot %} 在所有公共仓库上默认启用。 对于 {% data variables.product.prodname_dependabot_alerts %}，默认情况下，您将通过电子邮件收到按特定漏洞分组的 {% data variables.product.prodname_dependabot_alerts %}。
+When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. {% data variables.product.product_name %} 根据通知首选项将新警报通知受影响仓库的维护员。{% ifversion fpt or ghec %} {% data variables.product.prodname_dependabot %} 在所有公共仓库上默认启用。 对于 {% data variables.product.prodname_dependabot_alerts %}，默认情况下，您将通过电子邮件收到按特定漏洞分组的 {% data variables.product.prodname_dependabot_alerts %}。
 {% endif %}
 
-{% ifversion fpt or ghec %}如果您是组织所有者，您可以对组织中的所有仓库一键启用或禁用 {% data variables.product.prodname_dependabot_alerts %}。 您也可以设置是否对新建的仓库启用或禁用有漏洞依赖项检测。 更多信息请参阅“[管理组织的安全和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added)”。
+{% ifversion fpt or ghec %}如果您是组织所有者，您可以对组织中的所有仓库一键启用或禁用 {% data variables.product.prodname_dependabot_alerts %}。 You can also set whether {% data variables.product.prodname_dependabot_alerts %} will be enabled or disabled for newly-created repositories. 更多信息请参阅“[管理组织的安全和分析设置](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added)”。
 {% endif %}
 
 {% ifversion ghes or ghae %}
@@ -58,9 +56,9 @@ topics:
 
 {% data reusables.repositories.security-alerts-x-github-severity %} 更多信息请参阅“[配置通知](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#filtering-email-notifications)”。
 
-## 如何减少有漏洞依赖项通知的干扰
+## How to reduce the noise from notifications for {% data variables.product.prodname_dependabot_alerts %}
 
-如果您想要收到太多 {% data variables.product.prodname_dependabot_alerts %} 的通知，我们建议您选择加入每周的电子邮件摘要，或者在保持 {% data variables.product.prodname_dependabot_alerts %} 启用时关闭通知。 您仍可导航到仓库的 Security（安全性）选项卡查看 {% data variables.product.prodname_dependabot_alerts %}。 更多信息请参阅“[查看有漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)”。
+如果您想要收到太多 {% data variables.product.prodname_dependabot_alerts %} 的通知，我们建议您选择加入每周的电子邮件摘要，或者在保持 {% data variables.product.prodname_dependabot_alerts %} 启用时关闭通知。 您仍可导航到仓库的 Security（安全性）选项卡查看 {% data variables.product.prodname_dependabot_alerts %}。 For more information, see "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)."
 
 ## 延伸阅读
 

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/index.md

@@ -15,7 +15,7 @@ topics:
   - Repositories
   - Dependencies
 children:
-  - /browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /browsing-security-advisories-in-the-github-advisory-database
   - /editing-security-advisories-in-the-github-advisory-database
   - /about-dependabot-alerts
   - /configuring-dependabot-alerts

translations/zh-CN/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: 查看和更新 Dependabot 警报
-intro: '如果 {% data variables.product.product_name %} 发现项目中存在有漏洞的依赖项，您可以在仓库的 Dependabot 警报选项卡中查看它们。 然后，您可以更新项目以解决或忽略漏洞。'
+intro: 'If {% data variables.product.product_name %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.'
 redirect_from:
   - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository
   - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
@@ -35,11 +35,11 @@ topics:
 {% ifversion fpt or ghec or ghes > 3.2 %}
 ## 关于仓库中有漏洞的依赖项的更新
 
-{% data variables.product.product_name %} 在检测到您的代码库正在使用具有已知漏洞的依赖项时会生成 {% data variables.product.prodname_dependabot_alerts %}。 对于启用了 {% data variables.product.prodname_dependabot_security_updates %} 的仓库，当 {% data variables.product.product_name %} 在默认分支中检测到有漏洞的依赖项时，{% data variables.product.prodname_dependabot %} 会创建拉取请求来修复它。 拉取请求会将依赖项升级到避免漏洞所需的最低安全版本。
+{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that your codebase is using dependencies with known security risks. 对于启用了 {% data variables.product.prodname_dependabot_security_updates %} 的仓库，当 {% data variables.product.product_name %} 在默认分支中检测到有漏洞的依赖项时，{% data variables.product.prodname_dependabot %} 会创建拉取请求来修复它。 拉取请求会将依赖项升级到避免漏洞所需的最低安全版本。
 
 {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}您可以使用 {% data variables.product.prodname_dependabot_alerts %} 选项卡中的下拉菜单对 {% data variables.product.prodname_dependabot_alerts %} 进行排序和过滤，也可以在搜索栏中键入过滤条件作为`键:值`对。 可用的过滤器包括仓库（例如 `repo:my-repository`）、包（例如 `package:django`）、生态系统（例如 `ecosystem:npm`）、清单（例如 `manifest:webwolf/pom.xml`）、状态（例如 `is:open`）以及公告是否有补丁（例如 `has: patch`）。
 
-每个 {% data variables.product.prodname_dependabot %} 警报都有一个唯一的数字标识符，{% data variables.product.prodname_dependabot_alerts %} 选项卡列出了每个检测到的漏洞的警报。 旧版 {% data variables.product.prodname_dependabot_alerts %} 按依赖项对漏洞进行分组，并为每个依赖项生成一个警报。 如果导航到旧版 {% data variables.product.prodname_dependabot %} 警报，则会将您重定向到为该包筛选的 {% data variables.product.prodname_dependabot_alerts %} 选项卡。 {% endif %}
+Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}. 旧版 {% data variables.product.prodname_dependabot_alerts %} 按依赖项对漏洞进行分组，并为每个依赖项生成一个警报。 如果导航到旧版 {% data variables.product.prodname_dependabot %} 警报，则会将您重定向到为该包筛选的 {% data variables.product.prodname_dependabot_alerts %} 选项卡。 {% endif %}
 {% endif %}
 
 {% ifversion dependabot-alerts-vulnerable-calls %}
@@ -92,11 +92,11 @@ topics:
 
 ## 查看和修复警报
 
-请务必确保所有依赖项都没有任何安全漏洞。 当 {% data variables.product.prodname_dependabot %} 发现依赖项中的漏洞时，应评估项目的暴露水平，并确定要采取哪些补救措施来保护应用程序。
+请务必确保所有依赖项都没有任何安全漏洞。 当 {% data variables.product.prodname_dependabot %} 发现依赖项中的漏洞{% ifversion GH-advisory-db-supports-malware %}或恶意软件{% endif %}时，应评估项目的暴露水平，并确定要采取哪些补救措施来保护应用程序。
 
-如果有修补的版本可用，则可以生成 {% data variables.product.prodname_dependabot %} 请求，以直接从 {% data variables.product.prodname_dependabot %} 警报更新此依赖项。 如果您启用了 {% data variables.product.prodname_dependabot_security_updates %}，则拉取请求可能会在 Dependabot 警报中链接。
+如果依赖项有修补的版本可用，则可以生成 {% data variables.product.prodname_dependabot %} 请求，以直接从 {% data variables.product.prodname_dependabot %} 警报更新此依赖项。 如果您启用了 {% data variables.product.prodname_dependabot_security_updates %}，则拉取请求可能会在 Dependabot 警报中链接。
 
-如果修补的版本不可用，或者您无法更新到安全版本，{% data variables.product.prodname_dependabot %} 会共享其他信息，以帮助您确定后续步骤。 单击以查看 {% data variables.product.prodname_dependabot %} 警报时，可以看到依赖项的安全通告的完整详细信息，包括受影响的功能。 然后，可以检查代码是否调用受影响的函数。 此信息可以帮助您进一步评估风险级别，并确定解决方法或是否能够接受安全漏洞所代表的风险。
+如果修补的版本不可用，或者您无法更新到安全版本，{% data variables.product.prodname_dependabot %} 会共享其他信息，以帮助您确定后续步骤。 单击以查看 {% data variables.product.prodname_dependabot %} 警报时，可以看到依赖项的安全通告的完整详细信息，包括受影响的功能。 然后，可以检查代码是否调用受影响的函数。 此信息可以帮助您进一步评估风险级别，并确定解决方法或是否能够接受安全公告所代表的风险。
 
 {% ifversion dependabot-alerts-vulnerable-calls %}
 

translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md

@@ -39,9 +39,12 @@ topics:
 
 ![{% data variables.product.prodname_dependabot_alerts %} 视图显示拉取请求链接](/assets/images/help/dependabot/dependabot-alert-pr-link.png)
 
-有三个原因可能导致警报中没有拉取请求链接：
+有几个原因可能导致警报中没有拉取请求链接：
 
 1. {% data variables.product.prodname_dependabot_security_updates %} 未对仓库启用。
+{% ifversion GH-advisory-db-supports-malware %}
+1. 警报针对恶意软件，并且没有安全版本的程序包。
+{% endif %}
 1. 警报针对未在锁文件中显式定义的间接或过渡依赖项。
 1. 某个错误阻止了 {% data variables.product.prodname_dependabot %} 创建拉取请求。
 

translations/zh-CN/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md

@@ -31,14 +31,14 @@ topics:
 
 {% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following:
 
-*   {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %}
+*   {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and malware{% endif %}. It's a free, curated database of security advisories for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %}
 *   The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)."
-*   {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
+*   {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new advisory is added, it scans all existing repositories and generates an alert for each repository that is affected. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per advisory. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 *   {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)."
   
-    {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)."
+    {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new advisory is added to the database{% ifversion ghes or ghae %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-insecure-dependencies)."
 
-## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles?
+## Do {% data variables.product.prodname_dependabot_alerts %} only relate to insecure dependencies in manifests and lockfiles?
 
 {% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are:
 * Direct dependencies explicitly declared in a manifest or lockfile
@@ -46,17 +46,17 @@ topics:
 
 **Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile?
 
-## Why don't I get vulnerability alerts for some ecosystems?
+## Why don't I get {% data variables.product.prodname_dependabot_alerts %} for some ecosystems?
 
-{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and  {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
+{% data variables.product.prodname_dependabot_alerts %} are supported for a set of ecosystems where we can provide high-quality, actionable data. Curated advisories in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and  {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
 
-It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %}
+It's worth noting that security advisories may exist for other ecosystems. The information in an unreviewed security advisory is provided by the maintainers of a particular repository. This data is not curated by {% data variables.product.prodname_dotcom %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
 
 **Check**: Does the uncaught vulnerability apply to an unsupported ecosystem?
 
 ## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years?
 
-The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software.
+The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include advisories for security risks in the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software.
 
 Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. 
 
@@ -69,7 +69,7 @@ Some third-party tools use uncurated CVE data that isn't checked or filtered by
 Since {% data variables.product.prodname_dependabot %} uses curated data in the {% data variables.product.prodname_advisory_database %}, the volume of alerts may be lower, but the alerts you do receive will be accurate and relevant.
 
 {% ifversion fpt or ghec %}
-## Does each dependency vulnerability generate a separate alert?
+## Does each insecure dependency generate a separate alert?
 
 When a dependency has multiple vulnerabilities, an alert is generated for each vulnerability at the level of advisory plus manifest.
 
@@ -93,7 +93,7 @@ You can configure {% data variables.product.prodname_dependabot %} to ignore spe
 ## Further reading
 
 - "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
-- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"
 - "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
 - "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %}
 - "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}

translations/zh-CN/content/code-security/getting-started/securing-your-organization.md

@@ -133,7 +133,7 @@ For more information, see "[Managing security and analysis settings for your org
 {% data variables.product.prodname_code_scanning_capc %} is configured at the repository level. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
 
 ## Next steps
-You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
 {% endif %}

translations/zh-CN/content/code-security/getting-started/securing-your-repository.md

@@ -140,7 +140,7 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
 {% endif %}
 
 ## Next steps
-You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
 {% endif %}

translations/zh-CN/content/code-security/guides.md

@@ -84,6 +84,7 @@ includeGuides:
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository
   - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review
   - /code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph
+  - /code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
   - /code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository
 ---
 

translations/zh-CN/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -28,9 +28,9 @@ topics:
 您可以定义自定义模式来标识 {% data variables.product.prodname_secret_scanning %} 支持的默认模式未检测到的机密。 例如，您可能有一个属于您组织内部的密钥模式。 有关支持的机密和服务提供商的详细信息，请参阅“[{% data variables.product.prodname_secret_scanning_caps %} 模式](/code-security/secret-scanning/secret-scanning-patterns)”。
 
 您可以为企业、组织或存储库定义自定义模式。 {% data variables.product.prodname_secret_scanning_caps %} 最多支持
-{%- ifversion fpt or ghec or ghes > 3.3 %} 每个组织或企业帐户 500 个自定义模式，每个存储库最多 100 个自定义模式。
-{%- elsif ghes = 3.3 %} 每个组织或企业帐户有 100 个自定义模式，每个存储库有 20 个自定义模式。
-{%- else %} 每个组织或企业帐户有 20 个自定义模式，每个存储库有 个自定义模式。
+{%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-7297 %} 每个组织或企业帐户 500 个自定义模式，每个存储库最多 100 个自定义模式。
+{%- elsif ghes = 3.2 %} 每个组织或企业帐户有 20 个自定义模式，每个存储库有 个自定义模式。
+{%- else %} 每个组织或企业帐户有 100 个自定义模式，每个存储库有 20 个自定义模式。
 {%- endif %}
 
 {% ifversion ghes < 3.3 %}
@@ -67,7 +67,7 @@ topics:
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
-{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
+{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion secret-scanning-custom-enterprise-35 %}
 1. 当您准备好测试新的自定义模式时，要识别存储库中的匹配项而不创建警报，请单击 **Save and dry run（保存并空运行）**。
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
 {% endif %}
@@ -122,7 +122,7 @@ aAAAe9
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
-{%- ifversion secret-scanning-org-dry-runs %}
+{%- ifversion secret-scanning-custom-enterprise-35 %}
 1. 当您准备好测试新的自定义模式时，要识别所选存储库中的匹配项而不创建警报，请单击 **Save and dry run（保存并试运行）**。
 {% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
@@ -141,7 +141,7 @@ aAAAe9
 
 {% note %}
 
-{% ifversion secret-scanning-enterprise-dry-runs %}
+{% ifversion secret-scanning-custom-enterprise-36 %}
 **注意：**
 - 在企业级别，只有自定义模式的创建者才能编辑该模式，并在试运行中使用它。
 - 企业所有者只能使用他们有权访问的存储库上的试运行，而企业所有者不一定有权访问企业内的所有组织或存储库。
@@ -158,8 +158,8 @@ aAAAe9
 {% data reusables.enterprise-accounts.advanced-security-security-features %}
 1. 在“Secret scanning custom patterns（机密扫描自定义模式）”下，单击 {% ifversion ghes = 3.2 %}**New custom pattern（新建自定义模式）**{% else %}**New pattern（新建模式）**{% endif %}。
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
-{%- ifversion secret-scanning-enterprise-dry-runs %}
-1. 当您准备好测试新的自定义模式时，要识别存储库中的匹配项而不创建警报，请单击 **Save and dry run（保存并空运行）**。
+{%- ifversion secret-scanning-custom-enterprise-36 %}
+1. 当您准备好测试新的自定义模式时，要识别企业中的匹配项而不创建警报，请单击 **Save and dry run（保存并空运行）**。
 {% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
 {%- endif %}
@@ -175,7 +175,10 @@ aAAAe9
    * 对于存储库或组织，显示创建自定义模式的存储库或组织的“安全和分析”设置。 更多信息请参阅“[定义仓库的自定义模式](#defining-a-custom-pattern-for-a-repository)”或“[定义组织的自定义模式](#defining-a-custom-pattern-for-an-organization)”。
    * 对于企业，在“Policies（策略）”下显示“Advanced Security（高级安全性）”区域，然后单击 **Security features（安全功能）**。 更多信息请参阅上面的“[为企业帐户定义自定义模式](#defining-a-custom-pattern-for-an-enterprise-account)”。
 2. 在“{% data variables.product.prodname_secret_scanning_caps %}”下要编辑的自定义模式的右侧，单击 {% octicon "pencil" aria-label="The edit icon" %}。
-3. 查看并测试更改后，单击 **Save changes（保存更改）**。
+{%- ifversion secret-scanning-custom-enterprise-36 %}
+3. 当您准备好测试编辑的自定义模式时，要识别匹配项而不创建警报，请单击 **Save and dry run（保存并空运行）**。
+{%- endif %}
+4. 查看并测试更改后，单击 **Save changes（保存更改）**。
 {% endif %}
 
 ## 删除自定义模式

translations/zh-CN/content/code-security/security-overview/filtering-alerts-in-the-security-overview.md

@@ -23,7 +23,7 @@ shortTitle: 筛选警报
 
 ## 关于筛选安全性概述
 
-可以使用安全概述中的筛选器，根据一系列因素（如警报风险级别、警报类型和功能启用）缩小关注范围。 Different filters are available depending on the specific view and whether your analysis is at the organization, team or repository level.
+可以使用安全概述中的筛选器，根据一系列因素（如警报风险级别、警报类型和功能启用）缩小关注范围。 根据特定视图以及是在组织、团队还是存储库级别进行分析，可以使用不同的筛选器。
 
 ## 按仓库过滤
 

translations/zh-CN/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md

@@ -47,7 +47,7 @@ topics:
 
 ### 自动检测依赖项中的漏洞
 
-{% data variables.product.prodname_dependabot %} 可以监控依赖项并在依赖项中包含已知漏洞时通知您。 {% ifversion fpt or ghec or ghes > 3.2 %}您甚至可以让 {% data variables.product.prodname_dependabot %} 自动提取拉取请求以将依赖项更新为安全版本。{% endif %} 更多信息请参阅“[关于漏洞依赖项的警报](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)”{% ifversion fpt or ghec or ghes > 3.2 %} 和“[关于 Dependabot 安全更新](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)”{% endif %}。
+{% data variables.product.prodname_dependabot %} 可以监控依赖项并在依赖项中包含已知漏洞时通知您。 {% ifversion fpt or ghec or ghes > 3.2 %}您甚至可以启用 {% data variables.product.prodname_dependabot %} 以自动引发将依赖项更新为安全版本的拉取请求。{% endif %} 更多信息请参阅[关于 {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts){% ifversion fpt or ghec or ghes > 3.2 %} 和[关于 Dependabot 安全更新](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates){% endif %}。
 
 ### 评估易有漏洞依赖项的风险暴露情况
 

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md

@@ -1,6 +1,6 @@
 ---
 title: About dependency review
-intro: 'Dependency review lets you catch vulnerable dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.'
+intro: 'Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.'
 product: '{% data reusables.gated-features.dependency-review %}'
 shortTitle: Dependency review
 versions:
@@ -62,7 +62,6 @@ The action uses the Dependency Review REST API to get the diff of dependency cha
 
 {% ifversion dependency-review-action-configuration %}
 You can configure the {% data variables.product.prodname_dependency_review_action %} to better suit your needs. For example, you can specify the severity level that will make the action fail, or set an allow or deny list for licenses to scan. For more information, see "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)." 
-
 {% endif %}
 
 {% endif %}

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md

@@ -23,7 +23,7 @@ topics:
 
 ## About supply chain security at GitHub
 
-With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities.
+With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and replace any malware{% endif %}.
 
 You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency.
 
@@ -43,7 +43,7 @@ The dependency graph is central to supply chain security. The dependency graph i
 Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph.
 
 - Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests.
-- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected.
+- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of advisories published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability {% ifversion GH-advisory-db-supports-malware %}or malware{% endif %} is detected.
 {% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and  {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository.
 
 {% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities.
@@ -51,7 +51,7 @@ Other supply chain features on {% data variables.product.prodname_dotcom %} rely
 {% endif %}
 
 {% ifversion ghes < 3.2 %}
-{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected.
+{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known advisories published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected.
  {% endif %}
 
 {% ifversion fpt or ghec or ghes %}
@@ -68,6 +68,10 @@ To generate the dependency graph, {% data variables.product.company_short %} loo
 - The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies.
 - You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab.
 
+{% ifversion dependency-submission-api %} 
+{% data reusables.dependency-submission.dependency-submission-link %}
+{% endif %}
+
 For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
 
 {% ifversion fpt or ghec or ghes > 3.1 or ghae %}
@@ -96,16 +100,16 @@ The term "{% data variables.product.prodname_dependabot %}" encompasses the foll
 
 #### What are Dependabot alerts
 
-{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists. 
+{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains advisories for known vulnerabilities{% ifversion GH-advisory-db-supports-malware %} and malware{% endif %}. 
 
-- {% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when:
+- {% data variables.product.prodname_dependabot %} performs a scan to detect insecure dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when:
 {% ifversion fpt or ghec %}
-   - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %}
+   - A new advisory is added to the {% data variables.product.prodname_advisory_database %}.{% else %}
    - New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
    - The dependency graph for the repository changes. 
 - {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes > 3.0 %}a link to the affected file in the project, and {% endif %}information about a fixed version.
 
-For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)."
+For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)."
 
 {% ifversion fpt or ghec or ghes > 3.2 %}
 #### What are Dependabot updates
@@ -134,7 +138,7 @@ For more information about {% data variables.product.prodname_dependabot_updates
 Public repositories:
 - **Dependency graph**—enabled by default and cannot be disabled.
 - **Dependency review**—enabled by default and cannot be disabled.
-- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. 
+- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. 
   You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
 
 Private repositories:

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md

@@ -25,6 +25,10 @@ shortTitle: Dependency graph
 
 When you push a commit to {% data variables.product.product_name %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated.{% ifversion fpt or ghec %} In addition, the graph is updated when anyone pushes a change to the repository of one of your dependencies.{% endif %} For information on the supported ecosystems and manifest files, see "[Supported package ecosystems](#supported-package-ecosystems)" below.
 
+{% ifversion dependency-submission-api %} 
+{% data reusables.dependency-submission.dependency-submission-link %}
+{% endif %}
+
 {% ifversion fpt or ghes > 3.1 or ghae or ghec %}
 When you create a pull request containing changes to dependencies that targets the default branch, {% data variables.product.prodname_dotcom %} uses the dependency graph to add dependency reviews to the pull request. These indicate whether the dependencies contain vulnerabilities and, if so, the version of the dependency in which the vulnerability was fixed. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
 {% endif %}
@@ -37,9 +41,9 @@ When you create a pull request containing changes to dependencies that targets t
 
 ## Dependencies included
 
-The dependency graph includes all the dependencies of a repository that are detailed in the manifest and lock files, or their equivalent, for supported ecosystems. This includes:
+The dependency graph includes all the dependencies of a repository that are detailed in the manifest and lock files, or their equivalent, for supported ecosystems{% ifversion dependency-submission-api %}, as well as any dependencies that are submitted using the Dependency submission API (beta){% endif %}. This includes:
 
-- Direct dependencies, that are explicitly defined in a manifest or lock file
+- Direct dependencies, that are explicitly defined in a manifest or lock file {% ifversion dependency-submission-api %} or have been submitted using the Dependency submission API (beta){% endif %}
 - Indirect dependencies of these direct dependencies, also known as transitive dependencies or sub-dependencies
 
 The dependency graph identifies indirect dependencies{% ifversion fpt or ghec %} either explicitly from a lock file or by checking the dependencies of your direct dependencies. For the most reliable graph, you should use lock files (or their equivalent) because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which will make it easier for you to test and debug code{% else %} from the lock files{% endif %}.
@@ -63,7 +67,7 @@ You can use the dependency graph to:
 
 ## Supported package ecosystems
 
-The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for vulnerable dependencies.{% endif %}
+The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for insecure dependencies.{% endif %}
 
 | Package manager | Languages | Recommended formats | All supported formats |
 | --- | --- | --- | ---|
@@ -106,9 +110,11 @@ The recommended formats explicitly define which versions are used for all direct
 
 {% endnote %}
 {% endif %}
+
+{% ifversion dependency-submission-api %}You can use the Dependency submission API (beta) to add dependencies from the package manager or ecosystem of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files. You will only get {% data variables.product.prodname_dependabot_alerts %} for dependencies that are from one of the [supported ecosystems](https://github.com/github/advisory-database#supported-ecosystems) of the {% data variables.product.prodname_advisory_database %}. For more information on the Dependency submission API, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."{% endif %}
 ## Further reading
 
 - "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia
 - "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"
-- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Viewing and updating {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"
 - "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)"

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md

@@ -49,26 +49,26 @@ topics:
 {% endif %}
 
 {% ifversion dependency-review-action-configuration %}
-## Configuring the {% data variables.product.prodname_dependency_review_action %}
+## 配置 {% data variables.product.prodname_dependency_review_action %}
 
 {% data reusables.dependency-review.dependency-review-action-beta-note %}
 {% data reusables.dependency-review.dependency-review-action-overview %}
 
-The following configuration options are available.
+以下是可用的配置选项：
 
-| 选项                 | 必选 | 用法                                                                                                                                                                                                                                                                        |
-| ------------------ | -- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `fail-on-severity` | 可选 | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).</br>The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher.                                                              |
-| `allow-licenses`   | 可选 | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that do not match the list. |
-| `deny-licenses`    | 可选 | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.</br>The action will fail on pull requests that introduce dependencies with licenses that match the list.     |
+| 选项                 | 必选 | 用法                                                                                              |
+| ------------------ | -- | ----------------------------------------------------------------------------------------------- |
+| `fail-on-severity` | 可选 | 定义严重性级别的阈值（`低`、`中`、`高`、`严重`）。</br>对于引入指定严重性级别或更高级别的漏洞的任何拉取请求，该操作都将失败。                           |
+| `allow-licenses`   | 可选 | 包含允许的许可证的列表。 您可以在 API 文档的[许可证](/rest/licenses)页面中找到此参数的可能值。</br>对于引入与列表不匹配的许可证的依赖项的拉取请求，该操作将失败。 |
+| `deny-licenses`    | 可选 | 包含禁止的许可证列表。 您可以在 API 文档的[许可证](/rest/licenses)页面中找到此参数的可能值。</br>对于引入与列表匹配的许可证的依赖项的拉取请求，该操作将失败。   |
 
 {% tip %}
 
-**Tip:** The  `allow-licenses` and  `deny-licenses` options are mutually exclusive.
+**提示：**  `allow-licenses` 和 `deny-licenses` 选项是互斥的。
 
 {% endtip %}
 
-This {% data variables.product.prodname_dependency_review_action %} example file illustrates how you can use these configuration options.
+此 {% data variables.product.prodname_dependency_review_action %} 示例文件说明了如何使用这些配置选项。
 
 ```yaml{:copy}
 name: 'Dependency Review'
@@ -98,5 +98,5 @@ jobs:
           # deny-licenses: LGPL-2.0, BSD-2-Clause
 ```
 
-For further details about the configuration options, see [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme).
+有关配置选项的更多详细信息，请参阅 [`dependency-review-action`](https://github.com/actions/dependency-review-action#readme)。
 {% endif %}

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md

@@ -22,8 +22,12 @@ shortTitle: 配置依赖关系图
 
 更多信息请参阅“[关于依赖关系图](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)”。
 
-{% ifversion fpt or ghec %} ## About configuring the dependency graph {% endif %}
-{% ifversion fpt or ghec %}要生成依赖关系图，{% data variables.product.product_name %} 需要对仓库的依赖项清单和锁定文件的只读访问权限。 依赖关系图自动为所有公共仓库生成，您可以选择为私有仓库启用它。 有关查看依赖关系图的更多信息，请参阅“[探索存储库的依赖关系](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)”。{% endif %}
+{% ifversion fpt or ghec %}
+## About configuring the dependency graph
+To generate a dependency graph, {% data variables.product.product_name %} needs read-only access to the dependency manifest and lock files for a repository. 依赖关系图自动为所有公共仓库生成，您可以选择为私有仓库启用它。 有关查看依赖关系图的更多信息，请参阅“[探索存储库的依赖关系](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)”。
+
+{% data reusables.dependency-submission.dependency-submission-link %}
+{% endif %}
 
 {% ifversion ghes %} ## Enabling the dependency graph
 {% data reusables.dependabot.ghes-ghae-enabling-dependency-graph %}{% endif %}{% ifversion fpt or ghec %}
@@ -35,8 +39,12 @@ shortTitle: 配置依赖关系图
 
 首次启用依赖关系图时，将立即剖析受支持的生态系统的任何清单和锁定文件。 依赖关系图通常在几分钟之内填充，但对于依赖项很多的仓库，可能需要更长时间。 启用后，该图将在每次推送到仓库{% ifversion fpt or ghec %}以及每次推送到该图中的其他仓库{% endif %}时自动更新。
 
+{% ifversion ghes %}
+{% ifversion dependency-submission-api %}{% data reusables.dependency-submission.dependency-submission-link %}{% endif %}
+{% endif %}
+
 ## 延伸阅读
 
 {% ifversion ghec %}"[查看用于组织的洞见](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %}
-- "[查看漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- “[查看和更新 {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)”
 - "[漏洞依赖项检测疑难解答](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)"

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

@@ -42,6 +42,10 @@ shortTitle: 探索依赖项
 {% ifversion fpt or ghec %}
 依赖项按生态系统分组。 您可以展开依赖项以查看其依赖项。  私有仓库、私有包或无法识别文件上的依赖项以纯文本显示。 如果依赖项的包管理器位于公共存储库中，{% data variables.product.product_name %} 将显示指向该存储库的链接。
 
+{% ifversion dependency-submission-api %}
+使用依赖项提交 API（测试版）提交到项目的依赖项（尽管也按生态系统分组），但与通过存储库中的清单或锁定文件标识的依赖项分开显示。 这些提交的依赖项在依赖项图中显示为“快照依赖项”，因为它们是作为依赖项的快照或集合提交的。 有关使用依赖项提交 API 的详细信息，请参阅“[使用依赖项提交 API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)”。
+{% endif %}
+
 如果在仓库中检测到漏洞，这些漏洞将显示在视图顶部，供有权访问 {% data variables.product.prodname_dependabot_alerts %} 的用户查看。
 
 ![依赖关系图](/assets/images/help/graphs/dependencies_graph.png)
@@ -101,12 +105,12 @@ shortTitle: 探索依赖项
 {% ifversion fpt or ghec %}
 如果文件格式正确，请检查文件大小。 除非您是 {% data variables.product.prodname_enterprise %} 用户，否则依赖关系图将忽略超过 1.5 Mb 的单个清单和锁定文件。 默认情况下，每个仓库最多处理 20 个清单或锁定文件，因此您可以在仓库子目录中将依赖项拆分为较小的文件。{% endif %}
 
-如果清单或锁定文件未获处理，其依赖项将从依赖关系图中省略，而不能接受有漏洞依赖项的检查。
+如果清单或锁定文件未获处理，其依赖项将从依赖关系图中省略，而不能接受非安全依赖项的检查。
 
 ## 延伸阅读
 
 - “[关于依赖关系图](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)”
-- "[查看漏洞依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion ghec %}
+- “[查看和更新 {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)”{% ifversion ghec %}
 - "[查看用于组织的洞见](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %}{% ifversion fpt or ghec %}
 - "[了解 {% data variables.product.prodname_dotcom %} 如何使用和保护数据](/get-started/privacy-on-github)"
 {% endif %}

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md

@@ -14,6 +14,7 @@ children:
   - /about-supply-chain-security
   - /about-the-dependency-graph
   - /configuring-the-dependency-graph
+  - /using-the-dependency-submission-api
   - /about-dependency-review
   - /configuring-dependency-review
   - /exploring-the-dependencies-of-a-repository

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md

@@ -22,15 +22,19 @@ topics:
 
 ## Does the dependency graph only find dependencies in manifests and lockfiles?
 
-The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file.
+The dependency graph {% ifversion dependency-submission-api %}automatically{% endif %} includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file.
 
-The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. 
+The dependency graph doesn't {% ifversion dependency-submission-api %}automatically{% endif %} include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. 
+
+{% ifversion dependency-submission-api %}However, you can use the Dependency submission API (beta) to add dependencies to a project's dependency graph, even if the dependencies are not declared in a manifest or lock file, such as dependencies resolved when a project is built. The dependency graph will display the submitted dependencies grouped by ecosystem, but separately from the dependencies parsed from manifest or lock files. For more information on the Dependency submission API, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."{% endif %}
 
 **Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile?
 
 ## Does the dependency graph detect dependencies specified using variables?
 
-The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph.
+The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not {% ifversion dependency-submission-api %}automatically{% endif %} be included in the dependency graph.
+
+{% ifversion dependency-submission-api %}However, you can use the Dependency submission API (beta) to add dependencies to a project's dependency graph, even if the dependencies are only resolved when a project is built. For more information on the Dependency submission API, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."{% endif %}
 
 **Check**: Is the missing dependency declared in the manifest by using a variable for its name or version?
 

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md

@@ -0,0 +1,86 @@
+---
+title: Using the Dependency submission API
+intro: 'You can use the Dependency submission API to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled.'
+shortTitle: Dependency submission API
+topics:
+  - API
+  - Dependency graph
+  - Dependencies
+  - REST
+versions:
+  feature: dependency-submission-api
+---
+
+{% data reusables.dependency-submission.dependency-submission-api-beta %}
+
+## About the Dependency submission API
+
+{% data reusables.dependency-submission.about-dependency-submission %}
+
+Dependencies are submitted to the dependency submission API in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. For more information about the Dependency submission API, see the [Dependency submission REST API documentation](/rest/dependency-graph/dependency-submission).
+
+## Submitting dependencies at build-time
+
+You can use the Dependency submission API in a {% data variables.product.prodname_actions %} workflow to submit dependencies for your project when your project is built.
+
+### Using pre-made actions
+
+The simplest way to use the Dependency submission API is by adding a pre-made action to your repository that will gather and convert the list of dependencies to the required snapshot format and submit the list to the API. Actions that complete these steps for various ecosystems are available on {% data variables.product.prodname_marketplace %} and more actions will be created during the course of the beta and beyond. You can find links to the currently available actions in the table below:
+
+| Ecosystem | 操作                                                                              |
+| --------- | ------------------------------------------------------------------------------- |
+| Go        | [Go Dependency Submission](https://github.com/actions/go-dependency-submission) |
+
+For example, the following [Go Dependency Submission](https://github.com/actions/go-dependency-submission) workflow calculates the dependencies for a Go build-target (a Go file with a `main` function) and submits the list to the Dependency Submission API.
+
+```yaml
+
+name: Go Dependency Submission
+on:
+  push:
+    branches:
+      - main
+
+# The API requires write permission on the repository to submit dependencies
+permissions:
+  contents: write
+
+# Envionment variables to configure Go and Go modules. Customize as necessary
+env:
+  GOPROXY: '' # A Go Proxy server to be used
+  GOPRIVATE: '' # A list of modules are considered private and not requested from GOPROXY
+jobs:
+  go-action-detection:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: {% data reusables.actions.action-checkout %}
+
+      - uses: {% data reusables.actions.action-setup-go %}
+        with:
+          go-version: ">=1.18.0"
+
+      - name: Run snapshot action
+        uses: @actions/go-dependency-submission@v1
+        with:
+            # Required: Define the repo path to the go.mod file used by the
+            # build target
+            go-mod-path: go-example/go.mod
+            #
+            # Optional. Define the repo path of a build target,
+            # a file with a `main()` function.
+            # If undefined, this action will collect all dependencies
+            # used by all build targets for the module. This may
+            # include Go dependencies used by tests and tooling.
+            go-build-target: go-example/cmd/octocat.go
+
+```
+### Creating your own action
+
+Alternatively, you can write your own action to submit dependencies for your project at build-time. Your workflow should:
+
+  1. Generate a list of dependencies for your project.
+  2. Translate the list of dependencies into the snapshot format accepted by the Dependency submission API. For more information about the format, see the body parameters for the "Create a repository snapshot" API operation in the [Dependency submission REST API documentation](/rest/dependency-graph/dependency-submission).
+  3. Submit the formatted list of dependencies to the Dependency submission API.
+
+{% data variables.product.product_name %} maintains the [Dependency Submission Toolkit](https://github.com/github/dependency-submission-toolkit), a TypeScript library to help you build your own GitHub Action for submitting dependencies to the Dependency submission API. For more information about writing an action, see "[Creating actions](/actions/creating-actions)".

translations/zh-CN/content/codespaces/prebuilding-your-codespaces/about-codespaces-prebuilds.md

@@ -1,7 +1,7 @@
 ---
 title: 关于代码空间预构建
 shortTitle: 关于预构建
-intro: Codespaces prebuilds help to speed up the creation of new codespaces for large or complex repositories.
+intro: 代码空间预构建有助于加快为大型或复杂存储库创建新代码空间的速度。
 versions:
   fpt: '*'
   ghec: '*'
@@ -12,11 +12,11 @@ product: '{% data reusables.gated-features.codespaces %}'
 
 ## 概览
 
-Prebuilding your codespaces allows you to be more productive and access your codespace faster, particularly if your repository is large or complex and new codespaces currently take more than 2 minutes to start. 这是因为在为项目创建代码空间之前，任何源代码、编辑器扩展、项目依赖项、命令和配置都已下载、安装和应用。 将预构建视为代码空间的“准备就绪”模板。
+预构建代码空间可以提高工作效率并更快地访问代码空间，尤其是在存储库很大或很复杂并且新代码空间目前需要 2 分钟以上的时间才能启动的情况下。 这是因为在为项目创建代码空间之前，任何源代码、编辑器扩展、项目依赖项、命令和配置都已下载、安装和应用。 将预构建视为代码空间的“准备就绪”模板。
 
 默认情况下，每当您将更改推送到存储库时，{% data variables.product.prodname_codespaces %} 都会使用 {% data variables.product.prodname_actions %} 自动更新您的预构建。
 
-当预构建可用于存储库的特定分支以及您所在的地区时，则创建代码空间时在计算机类型选项列表中会看到“{% octicon "zap" aria-label="The zap icon" %} 预构建就绪”标签。 If a prebuild is still being created, you will see the "{% octicon "history" aria-label="The history icon" %} Prebuild in progress" label. 更多信息请参阅“[创建代码空间](/codespaces/developing-in-codespaces/creating-a-codespace#creating-a-codespace)”。
+当预构建可用于存储库的特定分支以及您所在的地区时，则创建代码空间时在计算机类型选项列表中会看到“{% octicon "zap" aria-label="The zap icon" %} 预构建就绪”标签。 如果仍在创建预构建，您将看到“{% octicon "history" aria-label="The history icon" %} 预构建正在进行中”标签。 更多信息请参阅“[创建代码空间](/codespaces/developing-in-codespaces/creating-a-codespace#creating-a-codespace)”。
 
 ![用于选择计算机类型的对话框](/assets/images/help/codespaces/choose-custom-machine-type.png)
 

translations/zh-CN/content/codespaces/prebuilding-your-codespaces/configuring-prebuilds.md

@@ -50,11 +50,11 @@ permissions: People with admin access to a repository can configure prebuilds fo
 
    * **每次推送**（默认设置）- 使用此设置，每次推送到给定分支时，都会更新预构建配置。 这将确保从预构建模板生成的代码空间始终包含最新的代码空间配置，包括任何最近添加或更新的依赖项。
    * **在配置更改时** - 使用此设置，每次更新给定存储库和分支的关联配置文件时，都会更新预构建配置。 这可确保在从预构建模板生成代码空间时使用对存储库的开发容器配置文件所做的更改。 更新预构建模板的 Actions 工作流程的运行频率较低，因此此选项将使用较少的 Actions 分钟数。 但是，此选项不保证代码空间始终包含最近添加或更新的依赖项，因此在创建代码空间后，可能必须手动添加或更新这些依赖项。
-   * **计划** - 使用此设置，您可以按照自己定义的自定义计划更新预构建配置。 This can reduce consumption of Actions minutes, however, with this option, codespaces may be created that do not use the latest dev container configuration changes.
+   * **计划** - 使用此设置，您可以按照自己定义的自定义计划更新预构建配置。 这可以减少操作分钟数的消耗，但是，使用此选项，可以创建不使用最新开发容器配置更改的代码空间。
 
    ![预构建触发器选项](/assets/images/help/codespaces/prebuilds-triggers.png)
 
-1. Select **Reduce prebuild available to only specific regions** to limit access to your prebuilt image, then select which regions you want it available in. Developers can only create codespaces from a prebuild if they are located in a region you select. By default, your prebuilt image is available to all regions where codespaces is available and storage costs apply for each region.
+1. 选择 **Reduce prebuild available to only specific regions（减少仅对特定区域可用的预构建）**以限制对预构建映像的访问，然后选择希望其在哪些区域可用。 开发人员只能从预构建创建代码空间（如果它们位于所选区域中）。 默认情况下，预构建的映像可用于代码空间可用的所有区域，并且每个区域都适用存储成本。
 
    ![区域选择选项](/assets/images/help/codespaces/prebuilds-regions.png)
 
@@ -66,17 +66,17 @@ permissions: People with admin access to a repository can configure prebuilds fo
 
    {% endnote %}
 
-1. Set the number of prebuild template versions to be retained. You can input any number between 1 and 5. The default number of saved versions is 2, which means that only the latest template version and the previous version are saved.
+1. 设置要保留的预构建模板版本数。 您可以输入 1 到 5 之间的任意数字。 保存版本的默认数量为 2，这意味着仅保存最新的模板版本和以前的版本。
 
-   Depending on your prebuild trigger settings, your prebuild template could change with each push or on each dev container configuration change. Retaining older versions of prebuild templates enables you to create a prebuild from an older commit with a different dev container configuration than the current prebuild template. Since there is a storage cost associated with retaining prebuild template versions, you can choose the number of versions to be retained based on the needs of your team. For more information on billing, see "[About billing for {% data variables.product.prodname_codespaces %}](/billing/managing-billing-for-github-codespaces/about-billing-for-codespaces#codespaces-pricing)."
+   根据预构建触发器设置，预构建模板可能会随每次推送或每次开发容器配置更改而更改。 通过保留旧版本的预构建模板，可以从较旧的提交创建预构建，其开发容器配置与当前预构建模板不同。 由于保留预构建模板版本会产生相关的存储成本，因此您可以根据团队的需求选择要保留的版本数。 有关计费的更多信息，请参阅“[关于 {% data variables.product.prodname_codespaces %} 的计费](/billing/managing-billing-for-github-codespaces/about-billing-for-codespaces#codespaces-pricing)”。
 
-   If you set the number of prebuild template versions to save to 1, {% data variables.product.prodname_codespaces %} will only save the latest version of the prebuild template and will delete the older version each time the template is updated. This means you will not get a prebuilt codespace if you go back to an older dev container configuration.
+   如果要保存的预构建模板版本数设置为 1，{% data variables.product.prodname_codespaces %} 将仅保存预构建模板的最新版本，并在每次更新模板时删除旧版本。 这意味着，如果返回到较旧的开发容器配置，则不会获得预构建的代码空间。
 
-   ![The prebuild template history setting](/assets/images/help/codespaces/prebuilds-template-history-setting.png)
+   ![预构建模板历史记录设置](/assets/images/help/codespaces/prebuilds-template-history-setting.png)
 
-1. Add users or teams to notify when the prebuild workflow run fails for this configuration. You can begin typing a username, team name, or full name, then click the name once it appears to add them to the list. The users or teams you add will receive an email when prebuild failures occur, containing a link to the workflow run logs to help with further investigation.
+1. 添加用户或团队，以便在此配置的预构建工作流程运行失败时发出通知。 您可以开始键入用户名、团队名称或全名，然后在出现名称后点按该名称以将其添加到列表中。 发生预构建失败时，您添加的用户或团队将收到一封电子邮件，其中包含指向工作流程运行日志的链接，以帮助进一步调查。
 
-   ![The prebuild failure notification setting](/assets/images/help/codespaces/prebuilds-failure-notification-setting.png)
+   ![预构建失败通知设置](/assets/images/help/codespaces/prebuilds-failure-notification-setting.png)
 
 1. 单击 **Create（创建）**。
 

translations/zh-CN/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md

@@ -59,39 +59,39 @@ shortTitle: 应用程序创建查询参数
 
 您可以在查询字符串中选择权限：使用下表中的权限名称作为查询参数名称，使用权限类型作为查询值。 例如，要在用户界面中为 `contents` 选择 `Read & write` 权限，您的查询字符串将包括 `&contents=write`。 要在用户界面中为 `blocking` 选择 `Read-only` 权限，您的查询字符串将包括 `&blocking=read`。 要在用户界面中为 `checks` 选择 `no-access` ，您的查询字符串将包括 `checks` 权限。
 
-| 权限                                                                                                                               | 描述                                                                                                                                                                                                                                                                                |
-| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| 权限                                                                                                                               | 描述                                                                                                                                                                                                                                                         |
+| -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [`管理`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration)                                       | 对用于组织和仓库管理的各种端点授予访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% ifversion fpt or ghec %}
 | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking)                                       | 授予对[阻止用户 API](/rest/reference/users#blocking) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
 | [`检查`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks)                                               | 授予对[检查 API](/rest/reference/checks) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% ifversion ghes < 3.4 %}
 | `content_references`                                                                                                             | 授予对“[创建内容附件](/rest/reference/apps#create-a-content-attachment)”端点的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
-| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents)                                             | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                                           |
+| [`内容`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents)                                             | 对用于修改仓库内容的各种端点授予访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                    |
 | [`部署`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments)                                          | 授予对[部署 API](/rest/reference/repos#deployments) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghec %}
 | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails)                                           | 授予对[电子邮件 API](/rest/reference/users#emails) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
-| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers)                                           | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                            |
-| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys)                                       | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                          |
-| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues)                                               | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                      |
-| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys)                                                  | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                  |
+| [`关注者`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers)                                           | 授予对[关注者 API](/rest/reference/users#followers) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                     |
+| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys)                                       | 授予对[GPG 密钥 API](/rest/reference/users#gpg-keys) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                   |
+| [`议题`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues)                                               | 授予对[议题 API](/rest/reference/issues) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                               |
+| [`键`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys)                                                  | 授予对[公钥 API](/rest/reference/users#keys) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                           |
 | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members)                                         | 授予管理组织成员的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% ifversion fpt or ghec %}
-| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions)                                              | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时，默认值为 `read`；没有为 {% data variables.product.prodname_github_app %} 指定任何权限时，默认值为 `none`。                                                                                                                                        |
+| [`元数据`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions)                                              | 授予对不泄漏敏感数据的只读端点的访问权限。 可以是 `read` 或 `none`。 设置任何权限时，默认值为 `read`；没有为 {% data variables.product.prodname_github_app %} 指定任何权限时，默认值为 `none`。                                                                                                                 |
 | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | 授予对“[更新组织](/rest/reference/orgs#update-an-organization)”端点和[组织交互限制 API](/rest/reference/interactions#set-interaction-restrictions-for-an-organization) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
-| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks)                   | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                       |
-| `organization_plan`                                                                                                              | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一：`none` 或 `read`。                                                                                                                                                                                 |
+| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks)                   | 授予对[组织 web 挂钩 API](/rest/reference/orgs#webhooks/) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                |
+| `organization_plan`                                                                                                              | 授予使用“[获取组织](/rest/reference/orgs#get-an-organization)”端点获取有关组织计划的信息的权限。 可以是以下项之一：`none` 或 `read`。                                                                                                                                                          |
 | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects)             | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一：`none`、`read`、`write` 或 `admin`。{% ifversion fpt or ghec %}
 | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects)        | 授予对[阻止组织用户 API](/rest/reference/orgs#blocking) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
-| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages)                                                | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                 |
-| `plan`                                                                                                                           | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一：`none` 或 `read`。                                                                                                                                                                                 |
-| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests)                             | 授予对各种拉取请求端点的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                                               |
-| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks)                       | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                          |
+| [`页面`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages)                                                | 授予对[页面 API](/rest/reference/repos#pages) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                          |
+| `plan`                                                                                                                           | 授予使用“[获取用户](/rest/reference/users#get-a-user)”端点获取有关用户 GitHub 计划的信息的权限。 可以是以下项之一：`none` 或 `read`。                                                                                                                                                          |
+| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests)                             | 授予对各种拉取请求端点的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                        |
+| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks)                       | 授予对[仓库 web 挂钩 API](/rest/reference/repos#hooks) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                   |
 | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects)                 | 授予对[项目 API](/rest/reference/projects) 的访问权限。 可以是以下项之一：`none`、`read`、`write` 或 `admin`。{% ifversion ghes or ghec %}
 | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts)           | 授予对[密钥扫描 API](/rest/reference/secret-scanning) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}{% ifversion fpt or ghes or ghec %}
 | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events)                         | 授予对[代码扫描 API](/rest/reference/code-scanning/) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% endif %}
-| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file)                                 | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                              |
-| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring)                                             | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                           |
-| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses)                                             | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                     |
+| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file)                                 | 授予对[内容 API](/rest/reference/repos#contents) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                       |
+| [`标星`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring)                                             | 授予对[标星 API](/rest/reference/activity#starring) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                    |
+| [`状态`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses)                                             | 授予对[状态 API](/rest/reference/commits#commit-statuses) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                              |
 | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions)                       | 授予对[团队讨论 API](/rest/reference/teams#discussions) 和[团队讨论注释 API](/rest/reference/teams#discussion-comments) 的访问权限。 可以是以下项之一：`none`、`read` 或 `write`。{% ifversion fpt or ghes or ghae or ghec %}
-| `vulnerability_alerts`                                                                                                           | 授予接收存储库中易受攻击的依赖项 {% data variables.product.prodname_dependabot_alerts %}。 请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)”以了解更多信息。 可以是以下项之一：`none` 或 `read`。{% endif %}
-| `关注`                                                                                                                             | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                                              |
+| `vulnerability_alerts`                                                                                                           | 授予接收存储库中的 {% data variables.product.prodname_dependabot_alerts %}。 请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)”以了解更多信息。 可以是以下项之一：`none` 或 `read`。{% endif %}
+| `关注`                                                                                                                             | 授予列出和更改用户订阅的仓库的权限。 可以是以下项之一：`none`、`read` 或 `write`。                                                                                                                                                                                                       |
 
 ## {% data variables.product.prodname_github_app %} web 挂钩事件
 

translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md

@@ -159,7 +159,7 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre
 
 ## 用户到服务器请求
 
-虽然大多数 API 交互应使用服务器到服务器安装访问令牌进行，但某些端点允许您使用用户访问令牌通过 API 执行操作。 Your app can make the following requests using [GraphQL]({% ifversion ghec %}/free-pro-team@latest{% endif %}/graphql) or [REST](/rest) endpoints.
+虽然大多数 API 交互应使用服务器到服务器安装访问令牌进行，但某些端点允许您使用用户访问令牌通过 API 执行操作。 您的应用程序可以使用[GraphQL]({% ifversion ghec %}/free-pro-team@latest{% endif %}/graphql) 或 [REST](/rest) 端点发出以下请求。
 
 ### 支持的端点
 

translations/zh-CN/content/get-started/exploring-projects-on-github/saving-repositories-with-stars.md

@@ -43,11 +43,13 @@ shortTitle: 保存有星标的仓库
 
 ## 查看谁为存储库加了星标
 
+
 您可以查看已为您有权访问的公共存储库或私有存储库加星标的每个人。
 
 
 要查看已为存储库加星标的每个人，请将 `/stargazers` 添加到存储库 URL 的末尾。 例如，要查看 github/docs 存储库的标星者，请访问 https://github.com/github/docs/stargazers。
 
+
 ## 使用列表组织带星标的存储库
 
 {% note %}

translations/zh-CN/content/get-started/learning-about-github/githubs-products.md

@@ -115,4 +115,5 @@ In addition to the features available with {% data variables.product.prodname_te
 
 You can set up a trial to evaluate {% data variables.product.prodname_ghe_cloud %}. For more information, see "<a href="/articles/setting-up-a-trial-of-github-enterprise-cloud" class="dotcom-only">Setting up a trial of {% data variables.product.prodname_ghe_cloud %}</a>."
 
-For more information about hosting your own instance of [{% data variables.product.prodname_ghe_server %}](https://enterprise.github.com), contact {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise_installation.request-a-trial %}
+For more information about hosting your own instance of {% data variables.product.prodname_ghe_server %}, including setting up a trial, see "[About {% data variables.product.prodname_ghe_server %}](/enterprise-server/admin/overview/about-github-enterprise-server)."
+

translations/zh-CN/content/get-started/onboarding/getting-started-with-github-enterprise-server.md

@@ -14,7 +14,7 @@ This guide will walk you through setting up, configuring and managing {% data va
 
 {% data variables.product.company_short %} hosts {% data variables.product.prodname_ghe_cloud %}. You can deploy and host {% data variables.product.prodname_ghe_server %} in your own datacenter or a supported cloud provider.
 
-For an overview of how {% data variables.product.product_name %} works, see "[System overview](/admin/overview/system-overview)."
+For more information about {% data variables.product.product_name %}, see "[About {% data variables.product.prodname_ghe_server %}](/admin/overview/about-github-enterprise-server)."
 
 ## Part 1: Installing {% data variables.product.product_name %}
 To get started with {% data variables.product.product_name %}, you will need to create your enterprise account, install the instance, use the Management Console for initial setup, configure your instance, and manage billing. 

translations/zh-CN/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md

@@ -45,5 +45,5 @@ When you enable data use for your private repository, you'll be able to access t
 ## Further reading
 
 - "[About {% data variables.product.prodname_dotcom %}'s use of your data](/articles/about-github-s-use-of-your-data)"
-- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Viewing and updatng {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)"
 - "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"

translations/zh-CN/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md

@@ -17,7 +17,7 @@ shortTitle: Enterprise Server 试用版
 
 ## 关于 {% data variables.product.prodname_ghe_server %} 试用版
 
-您可以申请 45 天试用版来试用 {% data variables.product.prodname_ghe_server %}。 您的试用版将作为虚拟设备安装，带有内部或云部署选项。 有关支持的可视化平台列表，请参阅“[设置 GitHub Enterprise Server 实例](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)”。
+您可以申请 45 天试用版来试用 {% data variables.product.prodname_ghe_server %}。 您的试用版将作为虚拟设备安装，带有内部或云部署选项。 有关 {% data variables.product.prodname_ghe_server %} 的详细信息以及受支持的虚拟化平台的列表，请参阅“[关于 {% data variables.product.prodname_ghe_server %}](/enterprise-server/admin/overview/about-github-enterprise-server)”。
 
 {% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}安全{% endif %}警报和 {% data variables.product.prodname_github_connect %} 目前在 {% data variables.product.prodname_ghe_server %} 试用版中不可用。 要获取这些功能的演示，请联系 {% data variables.contact.contact_enterprise_sales %}。 有关这些功能的详细信息，请参阅“[关于 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)”和“[将企业帐户连接到 {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)”。
 

translations/zh-CN/content/graphql/guides/using-global-node-ids.md

@@ -12,7 +12,7 @@ topics:
   - API
 ---
 
-您可以使用 REST API 或 GraphQL API 访问 GitHub 中的大多数对象（用户、议题、拉取请求等）。 您可以从 REST API 中找到许多对象的**全局节点 ID** ，并在 GraphQL 操作中使用这些 ID。 For more information, see "[Preview GraphQL API Node IDs in REST API resources](https://developer.github.com/changes/2017-12-19-graphql-node-id/)."
+您可以使用 REST API 或 GraphQL API 访问 GitHub 中的大多数对象（用户、议题、拉取请求等）。 您可以从 REST API 中找到许多对象的**全局节点 ID** ，并在 GraphQL 操作中使用这些 ID。 更多信息请参阅“[预览 REST API 资源中的 GraphQL API 节点 ID](https://developer.github.com/changes/2017-12-19-graphql-node-id/)”。
 
 {% note %}
 

translations/zh-CN/content/graphql/overview/resource-limitations.md

@@ -14,7 +14,7 @@ topics:
 
 ## 节点限制
 
-To pass [schema](/graphql/guides/introduction-to-graphql#schema) validation, all GraphQL API [calls](/graphql/guides/forming-calls-with-graphql) must meet these standards:
+要通过[架构](/graphql/guides/introduction-to-graphql#schema)验证，所有 GraphQL API [调用](/graphql/guides/forming-calls-with-graphql)都必须满足这些标准：
 
 * 客户端必须提供任何[连接](/graphql/guides/introduction-to-graphql#connection)上的 `first` 或 `last` 参数。
 * `first` 和 `last` 的值必须在 1 至 100 之间。
@@ -130,30 +130,30 @@ To pass [schema](/graphql/guides/introduction-to-graphql#schema) validation, all
 
 ## 速率限制
 
-The GraphQL API limit is different from the REST API's [rate limits](/rest/overview/resources-in-the-rest-api#rate-limiting).
+GraphQL API 的限制不同于 REST API [速率限制](/rest/overview/resources-in-the-rest-api#rate-limiting)。
 
 API 速率限制为什么不同？ 使用 [GraphQL](/graphql)，一个 GraphQL 调用可替换[多个 REST 调用](/graphql/guides/migrating-from-rest-to-graphql)。 单个复杂 GraphQL 调用可能相当于数千个 REST 请求。 虽然单个 GraphQL 调用远远低于 REST API v3 速率限制，但对 GitHub 的服务器来说，查询的计算成本可能同样高昂。
 
-To accurately represent the server cost of a query, the GraphQL API calculates a call's **rate limit score** based on a normalized scale of points. 查询分数计入了父连接及其子连接上的第一个和最后一个参数。
+要准确表示查询的服务器成本，GraphQL API 可根据标准分数量表计算调用的 **rate limit score（速率限制分数）**。 查询分数计入了父连接及其子连接上的第一个和最后一个参数。
 
 * 计算公式利用父连接及其子连接上的 `first` 和 `last` 参数预计算 GitHub 系统上的潜在负载，如 MySQL、ElasticSearch 和 Git。
 * 每个连接都有自己的点值。 此点值与调用的其他点数相结合，计入总速率限制分数。
 
-The GraphQL API rate limit is **5,000 points per hour**.
+GraphQL API 的速率限制为 **5,000 points per hour（每小时 5,000 点）**。
 
-Note that 5,000 points per hour is not the same as 5,000 calls per hour: the GraphQL API and REST API use different rate limits.
+请注意，每小时 5,000 点与每小时 5,000 个调用不同：GraphQL API 和 REST API 使用的速率限制不同。
 
 {% note %}
 
-**Note**: The current formula and rate limit are subject to change as we observe how developers use the GraphQL API.
+**注**：在我们观察开发者如何使用 GraphQL API 时，当前公式和速率限制可能会发生变化。
 
 {% endnote %}
 
 ### 返回调用的速率限制状态
 
-With the REST API, you can check the rate limit status by [inspecting](/rest/overview/resources-in-the-rest-api#rate-limiting) the returned HTTP headers.
+使用 REST API，可以通过[检查](/rest/overview/resources-in-the-rest-api#rate-limiting)返回的 HTTP 标头查看速率限制状态。
 
-With the GraphQL API, you can check the rate limit status by querying fields on the `rateLimit` object:
+使用 GraphQL API，可以通过查询 `rateLimit` 对象上的字段查看速率限制状态。
 
 ```graphql
 query {
@@ -186,7 +186,7 @@ query {
 
 {% note %}
 
-**Note**: The minimum cost of a call to the GraphQL API is **1**, representing a single request.
+**注**：GraphQL API 的最低调用成本是 **1**，表示单个请求。
 
 {% endnote %}
 

translations/zh-CN/content/issues/trying-out-the-new-projects-experience/index.md

@@ -12,6 +12,7 @@ children:
   - /about-projects
   - /quickstart
   - /creating-a-project
+  - /migrating-your-project
   - /managing-iterations
   - /customizing-your-project-views
   - /filtering-projects

translations/zh-CN/content/issues/trying-out-the-new-projects-experience/migrating-your-project.md

@@ -0,0 +1,60 @@
+---
+title: Migrating your project to Projects (beta)
+intro: You can migrate your projects from the old projects experience to Projects (beta).
+allowTitleToDifferFromFilename: true
+miniTocMaxHeadingLevel: 2
+versions:
+  fpt: '*'
+  ghec: '*'
+topics:
+  - Projects
+  - Organizations
+---
+
+{% note %}
+
+**注意：**
+
+- Projects (beta) is currently in public beta and subject to change.
+- If the project you are migrating contains more than 1200 items, open issues will be prioritized followed by open pull requests and then notes. Remaining space will be used for closed issues, merged pull requested, and closed pull requests. Items that cannot be migrated due to this limit will be moved to the archive. If the archive limit of 10,000 items is reached, additional items will not be migrated.
+- Note cards are converted to draft issues, and the contents are saved to the body of the draft issue. If information appears to be missing, make any hidden fields visible. For more information, see "[Showing and hiding fields](/issues/trying-out-the-new-projects-experience/customizing-your-project-views#showing-and-hiding-fields)."
+- Automation will not be migrated.
+- Triage, archive, and activity will not be migrated.
+- After migration, the new migrated project and old project will not be kept in sync.
+
+{% endnote %}
+
+## About project migration
+
+You can migrate your project boards to the all new projects (beta) experience and try out tables, multiple views, new automation options, and powerful field types. 更多信息请参阅“[关于项目（测试版）](/issues/trying-out-the-new-projects-experience/about-projects)”。
+
+## Migrating an organization project board
+
+{% data reusables.projects.enable-migration %}
+{% data reusables.profile.access_org %}
+{% data reusables.user-settings.access_org %}
+{% data reusables.organizations.organization-wide-project %}
+1. On the left, click **Projects (classic)**. ![Screenshot showing Projects (classic) menu option}](/assets/images/help/issues/projects-classic-org.png)
+{% data reusables.projects.migrate-project-steps %}
+
+## Migrating a user project board
+
+{% data reusables.projects.enable-migration %}
+{% data reusables.profile.access_profile %}
+1. 在个人资料页面顶部的主导航栏中，单击 {% octicon "project" aria-label="The project board icon" %} **Projects（项目）**。 ![项目选项卡](/assets/images/help/projects/user-projects-tab.png)
+1. Above the list of projects, click **Projects (classic)**. ![Screenshot showing Projects (classic) menu option}](/assets/images/help/issues/projects-classic-user.png)
+{% data reusables.projects.migrate-project-steps %}
+
+## Migrating a repository project board
+
+{% note %}
+
+**Note:** Projects (beta) does not support repository level projects. When you migrate a repository project board, it will migrate to either the organization or personal account that owns the repository project, and the migrated project will be pinned to the original repository.
+
+{% endnote %}
+
+{% data reusables.projects.enable-migration %}
+{% data reusables.repositories.navigate-to-repo %}
+1. 在仓库名称下，单击 {% octicon "project" aria-label="The project board icon" %} **Projects（项目）**。 ![项目选项卡](/assets/images/help/projects/repo-tabs-projects.png)
+1. Click **Projects (classic)**. ![Screenshot showing Projects (classic) menu option}](/assets/images/help/issues/projects-classic-org.png)
+{% data reusables.projects.migrate-project-steps %}

translations/zh-CN/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md

@@ -76,7 +76,7 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." {% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %}
 | [`repository_secret_scanning_custom_pattern`](#respository_secret_scanning_custom_pattern-category-actions) | Contains repository-level activities related to secret scanning custom patterns. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %}{% ifversion secret-scanning-audit-log-custom-patterns %}
 | [`repository_secret_scanning_push_protection`](#respository_secret_scanning_push_protection) | Contains repository-level activities related to secret scanning custom patterns. For more information, see "[Protecting pushes with secert scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." {% endif %}{% ifversion fpt or ghes or ghae or ghec %}
-| [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).{% endif %}{% ifversion fpt or ghec %}
+| [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).{% endif %}{% ifversion fpt or ghec %}
 | [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.{% endif %}{% ifversion custom-repository-roles %}
 | [`role`](#role-category-actions) | Contains all activities related to [custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization).{% endif %}{% ifversion ghes or ghae or ghec %}
 | [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
@@ -720,7 +720,7 @@ For more information, see "[Managing the publication of {% data variables.produc
 
 | Action | Description
 |------------------|-------------------
-| `authorized_users_teams` | Triggered when an organization owner or a person with admin permissions to the repository updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in the repository. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
+| `authorized_users_teams` | Triggered when an organization owner or a person with admin permissions to the repository updates the list of people or teams authorized to receive {% data variables.product.prodname_dependabot_alerts %} for the repository. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 | `disable` | Triggered when a repository owner or person with admin access to the repository disables {% data variables.product.prodname_dependabot_alerts %}.
 | `enable` | Triggered when a repository owner or person with admin access to the repository enables {% data variables.product.prodname_dependabot_alerts %}.
 
@@ -761,6 +761,14 @@ For more information, see "[Managing the publication of {% data variables.produc
 | `enable` | Triggered when an organization owner enables secret scanning for all new {% ifversion ghec %}private or internal {% endif %}repositories.
 {% endif %}
 
+{% ifversion secret-scanning-push-protection-bypasses %}
+### `secret_scanning_push_protection` category actions
+
+| Action | Description
+|------------------|-------------------
+| `bypass` | Triggered when a user bypasses the push protection on a secret detected by secret scanning. For more information, see "[Bypassing push protection for a secret](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret)."
+{% endif %}
+
 {% ifversion fpt or ghec %}
 ### `sponsors` category actions
 

translations/zh-CN/content/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization.md

@@ -160,7 +160,7 @@ shortTitle: 存储库角色
 
 | 仓库操作                                                                                                                                                                                                            |  读取   |  分类   |                           写入                           |                           维护                           |                                                管理员                                                |
 |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |:-----:|:-----:|:------------------------------------------------------:|:------------------------------------------------------:|:-------------------------------------------------------------------------------------------------:|{% ifversion fpt or ghes or ghae or ghec %}
-| 接收仓库中[易受攻击的依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)                                                       |       |       |                                                        |                                                        |                                               **X**                                               |
+| 接收仓库中[非安全依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)                                                         |       |       |                                                        |                                                        |                                               **X**                                               |
 | [忽略 {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository)                                            |       |       |                                                        |                                                        |   **X** |{% endif %}{% ifversion ghes or ghae or ghec %}<!--Not available for FPT-->
 |
 | [指定其他人员或团队接收安全警报](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)                                                            |       |       |                                                        |                                                        |                           **X** |{% endif %}{% ifversion fpt or ghec %}

translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md

@@ -130,7 +130,7 @@ shortTitle: 组织中的角色
 | 转让仓库                                                                                                                                                                                                                                          | **X** |       |       |       |                             |
 | 购买、安装、管理其帐单以及取消 {% data variables.product.prodname_marketplace %} 应用程序                                                                                                                                                                        | **X** |       |       |       |                             |
 | 列出 {% data variables.product.prodname_marketplace %} 中的应用程序                                                                                                                                                                                   | **X** |       |       |       |                             |
-| 接收所有组织仓库[关于易受攻击的依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)                                                                           | **X** |       |       |       |            **X**            |
+| 接收所有组织仓库[关于非安全依赖项的 {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)                                                                                            | **X** |       |       |       |            **X**            |
 | 管理 {% data variables.product.prodname_dependabot_security_updates %}（请参阅“[关于 {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)”）            | **X** |       |       |       |            **X**            |
 | [管理复刻策略](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)                                                                                                                                     | **X** |       |       |       |                             |
 | [限制组织中公共仓库的活动](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization)                                                                                                                                 | **X** |       |       |       |                             |

translations/zh-CN/content/packages/learn-github-packages/introduction-to-github-packages.md

@@ -41,6 +41,12 @@ You can integrate {% data variables.product.prodname_registry %} with {% ifversi
 
 You can view a package's README, as well as metadata such as licensing, download statistics, version history, and more on {% data variables.product.product_name %}. For more information, see "[Viewing packages](/packages/manage-packages/viewing-packages)."
 
+{% ifversion ghes %}
+
+For more information about the configuration of {% data variables.product.prodname_registry %} on {% data variables.product.product_name %}, see "[Getting started with {% data variables.product.prodname_registry %} for your enterprise](/admin/packages/getting-started-with-github-packages-for-your-enterprise)."
+
+{% endif %}
+
 ### Overview of package permissions and visibility
 
 |                    |        |

translations/zh-CN/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/filtering-files-in-a-pull-request.md

@@ -48,7 +48,7 @@ shortTitle: 筛选文件
 
    {% endnote %}
 
-   ![Screenshot of filter changed files search box and file tree emphasized](/assets/images/help/repository/file-tree.png)
+   ![突出显示筛选器已更改文件搜索框和文件树的屏幕截图](/assets/images/help/repository/file-tree.png)
 1. 要按文件路径进行筛选，请在 **Filter changed files（筛选已更改的文件）**搜索框中输入部分或全部文件路径。 或者，使用文件筛选器下拉列表。 更多信息请参阅“[使用文件筛选器下拉列表](#using-the-file-filter-dropdown)”。
 
 {% endif %}

translations/zh-CN/content/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/about-commits.md

@@ -44,7 +44,7 @@ versions:
 
 ## 使用文件树
 
-You can use the file tree to navigate between files in a commit.
+您可以使用文件树在提交中的文件之间导航。
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.navigate-to-commit-page %}
@@ -53,11 +53,11 @@ You can use the file tree to navigate between files in a commit.
 
   {% note %}
 
-  **Note**: The file tree will not display if your screen width is too narrow or if the commit only includes one file.
+  **注意**：如果您的屏幕太窄或提交仅包含一个文件，则不会显示文件树。
 
   {% endnote %}
 
-  ![Screenshot of filter changed files search box and file tree emphasized](/assets/images/help/repository/file-tree.png)
+  ![突出显示筛选器已更改文件搜索框和文件树的屏幕截图](/assets/images/help/repository/file-tree.png)
 1. 要按文件路径进行筛选，请在 **Filter changed files（筛选已更改的文件）**搜索框中输入部分或全部文件路径。
 
 {% endif %}

translations/zh-CN/content/rest/dependency-graph/dependency-submission.md

@@ -0,0 +1,17 @@
+---
+title: Dependency submission
+intro: 'The Dependency submission API allows you to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled.'
+versions:
+  feature: dependency-submission-api
+miniTocMaxHeadingLevel: 3
+---
+
+## About the Dependency submission API
+
+{% data reusables.dependency-submission.dependency-submission-api-beta %}
+
+{% data reusables.dependency-submission.about-dependency-submission %}
+
+Dependencies are submitted to the dependency submission API in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit.  You can choose to use pre-made actions or create your own actions to submit your dependencies to the dependency submission API in the required format each time your project is built. For more information about using the Dependency submission API, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
+
+You can submit multiple sets of dependencies to the Dependency submission API to be included in your dependency graph. The API uses the `job.correlator` property and the `detector.name` category of the snapshot to ensure the latest submissions for each workflow get shown. The `correlator` property itself is the primary field you will use to keep independent submissions distinct. An example `correlator` could be a simple combination of two variables available in actions runs: `<GITHUB_WORKFLOW> <GITHUB_JOB>`.

translations/zh-CN/content/rest/dependency-graph/index.md

@@ -11,6 +11,7 @@ topics:
 miniTocMaxHeadingLevel: 3
 children:
   - /dependency-review
+  - /dependency-submission
 redirect_from:
   - /rest/reference/dependency-graph
 ---

translations/zh-CN/content/support/learning-about-github-support/about-github-premium-support.md

@@ -48,16 +48,16 @@ There are two {% data variables.contact.premium_support %} plans: Premium and Pr
 | Training | Access to premium content  | <ul><li>Access to premium content</li><li>1 virtual training class per year</li></ul> |
 | Members with support entitlements | 10 | 25 |
 | Resources | Priority ticket handling | <ul><li>Priority ticket handling</li><li>Named Customer Reliability Engineer</li></ul>   |
-| Scheduled checks| Bi-annual health check and reporting             | <ul><li>Quarterly health check and reporting</li><li>Quarterly account reviews</li></ul>    |
-| Administration assistance| None | 4 hours per month  |
+| Health Checks | Unlimited automated Health Check reports (see "[Generating a Health Check for your enterprise]({% ifversion not ghes%}/enterprise-server@latest{% endif %}/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise)") | <ul><li>Unlimited automated Health Check reports (see "[Generating a Health Check for your enterprise]({% ifversion not ghes%}/enterprise-server@latest{% endif %}/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise)")</li><li>Unlimited enhanced Health Checks, with findings, interpretations, and recommendations from a Customer Reliability Engineer (by request)</li></ul>    |
+| Technical advisory hours| None | 4 hours per month  |
+| Application upgrade assistance | None | By request |
+| Cloud planning | None | By request |
 
   {% note %}
 
   **Notes:**
-  - Scheduled checks are limited to one organization per term. You can add scheduled checks for additional organizations at any time for an additional fee by [contacting our account management team](https://enterprise.github.com/contact) or calling [+1 (877) 448-4820](tel:+1-877-448-4820).{% ifversion ghes %}
-  - You can generate a Health Check at any time by uploading a support bundle. For more information, see "[Generating a Health Check for your enterprise](/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise)."{% endif %}
-  - For the {% data variables.product.premium_plus_support_plan %}, 50% of unused Managed Services hours roll over to the next month and expire at the end of the quarter.
   - Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to members of organizations owned by their enterprise account. For more information, see "[Managing support entitlements for your enterprise](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise)."
+  - For the {% data variables.product.premium_plus_support_plan %}, 50% of unused Managed Services hours roll over to the next month and expire at the end of the quarter.
 
   {% endnote %}
 

translations/zh-CN/data/features/GH-advisory-db-supports-malware.yml

@@ -0,0 +1,7 @@
+---
+#Reference: Issue #7088 GitHub Advisory Database now supports advisories for malware
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.5'
+  ghae: 'issue-7088'

translations/zh-CN/data/features/dependency-submission-api.yml

@@ -0,0 +1,8 @@
+---
+#Reference: #6397
+#Documentation for dependency submission API (beta)
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.6'
+  ghae: 'issue-6397'

translations/zh-CN/data/features/secret-scanning-custom-enterprise-35.yml

@@ -0,0 +1,8 @@
+---
+#Issues: changes to custom patterns for secret scanning
+##6367: updates for the "organization level dry runs (Public Beta)"
+##5499: updates for the "repository level dry runs (Public Beta)"
+versions:
+  ghec: '*'
+  ghes: '>3.4'
+  ghae: 'issue-6367'

translations/zh-CN/data/features/secret-scanning-custom-enterprise-36.yml

@@ -0,0 +1,8 @@
+---
+#Issues: changes to custom patterns for secret scanning
+##6904: updates for "enterprise account level dry runs (Public Beta)"
+##7297: updates for dry runs on editing patterns (Public Beta)
+versions:
+  ghec: '*'
+  ghes: '>3.5'
+  ghae: 'issue-6904'

translations/zh-CN/data/features/secret-scanning-enterprise-dry-runs.yml

@@ -1,7 +0,0 @@
----
-#Issue #6904
-#Documentation for the "enterprise account level dry runs (Public Beta)" for custom patterns under secret scanning
-versions:
-  ghec: '*'
-  ghes: '>3.5'
-  ghae: 'issue-6904'

translations/zh-CN/data/features/secret-scanning-org-dry-runs.yml

@@ -1,7 +0,0 @@
----
-#Issue #6367
-#Documentation for the "org level dry runs (Public Beta)" for custom patterns under secret scanning
-versions:
-  ghec: '*'
-  ghes: '>3.4'
-  ghae: 'issue-6367'

translations/zh-CN/data/features/secret-scanning-push-protection-bypasses.yml

@@ -0,0 +1,7 @@
+---
+#Reference: #7298.
+#Documentation for new events related to secret scanning push protection bypasses, e.g. audit log.
+versions:
+  ghec: '*'
+  ghes: '>=3.6'
+  ghae: 'issue-7298'

translations/zh-CN/data/graphql/ghec/graphql_upcoming_changes.public.yml

@@ -100,8 +100,8 @@ upcoming_changes:
     owner: cheshire137
   - 
     location: DependencyGraphDependency.packageLabel
-    description: '`packageLabel` will be removed. Use normalized `packageName` field instead.'
-    reason: '`packageLabel` will be removed.'
+    description: '`packageLabel` 将被删除。请使用规范化的 `packageName` 字段。'
+    reason: '`packageLabel` 将被删除。'
     date: '2022-10-01T00:00:00+00:00'
     criticality: 重大
     owner: github/dependency_graph

translations/zh-CN/data/graphql/graphql_upcoming_changes.public.yml

@@ -100,8 +100,8 @@ upcoming_changes:
     owner: cheshire137
   - 
     location: DependencyGraphDependency.packageLabel
-    description: '`packageLabel` will be removed. Use normalized `packageName` field instead.'
-    reason: '`packageLabel` will be removed.'
+    description: '`packageLabel` 将被删除。请使用规范化的 `packageName` 字段。'
+    reason: '`packageLabel` 将被删除。'
     date: '2022-10-01T00:00:00+00:00'
     criticality: 重大
     owner: github/dependency_graph

translations/zh-CN/data/learning-tracks/code-security.yml

@@ -15,8 +15,8 @@ security_advisories:
     - /code-security/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory
 #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track
 dependabot_alerts:
-  title: '获取漏洞依赖项的通知'
-  description: '设置 Dependabot 提醒您的依赖项中有新漏洞。'
+  title: 'Get notifications for insecure dependencies'
+  description: 'Set up Dependabot to alert you to new vulnerabilities{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} in your dependencies.'
   guides:
     - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts
     - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'

translations/zh-CN/data/release-notes/enterprise-server/3-0/22.yml

@@ -2,8 +2,8 @@
 date: '2021-12-13'
 sections:
   security_fixes:
-    - '{% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability in the Log4j library, identified as [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228), affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.3.1. The Log4j library is used in an open source service running on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability was fixed in {% data variables.product.prodname_ghe_server %} versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1.  For more information, please see [this post](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) on the GitHub Blog.'
-    - '**December 17, 2021 update**: The fixes in place for this release also mitigate [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046), which was published after this release. No additional upgrade for {% data variables.product.prodname_ghe_server %} is required to mitigate both CVE-2021-44228 and CVE-2021-45046.'
+    - '{% octicon "alert" aria-label="The alert icon" %} **严重：** Log4j 库中的远程执行代码漏洞（标识为 [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)）影响了 3.3.1 之前所有版本的 {% data variables.product.prodname_ghe_server %} 。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务中。此漏洞已在 {% data variables.product.prodname_ghe_server %} 版本 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复。更多信息请参阅 GitHub博客上的[这篇文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
+    - '**2021 年 12 月 17 日更新**：此版本的现有修补程序还缓解了在此版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需对 {% data variables.product.prodname_ghe_server %} 进行额外升级即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
   known_issues:
     - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上，攻击者可以创建第一个管理员用户。
     - 自定义防火墙规则在升级过程中被删除。

translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml

@@ -194,7 +194,7 @@ sections:
         - Dependency graph and {% data variables.product.prodname_dependabot_alerts %} now support Go modules. {% data variables.product.prodname_ghe_server %} analyzes a repository's `go.mod` files to understand the repository’s dependencies. Along with security advisories, the dependency graph provides the information needed to alert developers to vulnerable dependencies. For more information about enabling the dependency graph on private repositories, see "[Securing your repository](/code-security/getting-started/securing-your-repository#managing-the-dependency-graph)."
 
         # https://github.com/github/releases/issues/1538
-        - The default notification settings for security alerts have changed. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Now, you must opt in to security alert notifications by watching the repository. You will be notified if you select `All Activity` or configure `Custom` to include `Security alerts`. All existing repositories will be automatically migrated to these new settings and you will continue to receive notifications; however, any new repositories will require opting-in by watching the repository. For more information see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies)" and "[Managing alerts from secret scanning](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+        - The default notification settings for security alerts have changed. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Now, you must opt in to security alert notifications by watching the repository. You will be notified if you select `All Activity` or configure `Custom` to include `Security alerts`. All existing repositories will be automatically migrated to these new settings and you will continue to receive notifications; however, any new repositories will require opting-in by watching the repository. For more information see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)" and "[Managing alerts from secret scanning](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
     - heading: 'Code scanning and secret scanning changes'
       notes:

translations/zh-CN/data/release-notes/enterprise-server/3-2/0.yml

@@ -196,7 +196,7 @@ sections:
         - Dependency graph and {% data variables.product.prodname_dependabot_alerts %} now support Go modules. {% data variables.product.prodname_ghe_server %} analyzes a repository's `go.mod` files to understand the repository’s dependencies. Along with security advisories, the dependency graph provides the information needed to alert developers to vulnerable dependencies. For more information about enabling the dependency graph on private repositories, see "[Securing your repository](/code-security/getting-started/securing-your-repository#managing-the-dependency-graph)."
 
         # https://github.com/github/releases/issues/1538
-        - The default notification settings for security alerts have changed. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Now, you must opt in to security alert notifications by watching the repository. You will be notified if you select `All Activity` or configure `Custom` to include `Security alerts`. All existing repositories will be automatically migrated to these new settings and you will continue to receive notifications; however, any new repositories will require opting-in by watching the repository. For more information see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies)" and "[Managing alerts from secret scanning](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+        - The default notification settings for security alerts have changed. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Now, you must opt in to security alert notifications by watching the repository. You will be notified if you select `All Activity` or configure `Custom` to include `Security alerts`. All existing repositories will be automatically migrated to these new settings and you will continue to receive notifications; however, any new repositories will require opting-in by watching the repository. For more information see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)" and "[Managing alerts from secret scanning](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
     - heading: 'Code scanning and secret scanning changes'
       notes:

translations/zh-CN/data/release-notes/enterprise-server/3-2/6.yml

@@ -2,8 +2,8 @@
 date: '2021-12-13'
 sections:
   security_fixes:
-    - '{% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability in the Log4j library, identified as [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228), affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.3.1. The Log4j library is used in an open source service running on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability was fixed in {% data variables.product.prodname_ghe_server %} versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1.  For more information, please see [this post](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) on the GitHub Blog.'
-    - '**December 17, 2021 update**: The fixes in place for this release also mitigate [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046), which was published after this release. No additional upgrade for {% data variables.product.prodname_ghe_server %} is required to mitigate both CVE-2021-44228 and CVE-2021-45046.'
+    - '{% octicon "alert" aria-label="The alert icon" %} **严重：** Log4j 库中的远程执行代码漏洞（标识为 [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)）影响了 3.3.1 之前所有版本的 {% data variables.product.prodname_ghe_server %} 。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务中。此漏洞已在 {% data variables.product.prodname_ghe_server %} 版本 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复。更多信息请参阅 GitHub博客上的[这篇文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
+    - '**2021 年 12 月 17 日更新**：此版本的现有修补程序还缓解了在此版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需对 {% data variables.product.prodname_ghe_server %} 进行额外升级即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
   known_issues:
     - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上，攻击者可以创建第一个管理员用户。
     - 自定义防火墙规则在升级过程中被删除。

translations/zh-CN/data/release-notes/enterprise-server/3-3/1.yml

@@ -2,8 +2,8 @@
 date: '2021-12-13'
 sections:
   security_fixes:
-    - '{% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability in the Log4j library, identified as [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228), affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.3.1. The Log4j library is used in an open source service running on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability was fixed in {% data variables.product.prodname_ghe_server %} versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1.  For more information, please see [this post](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) on the GitHub Blog.'
-    - '**December 17, 2021 update**: The fixes in place for this release also mitigate [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046), which was published after this release. No additional upgrade for {% data variables.product.prodname_ghe_server %} is required to mitigate both CVE-2021-44228 and CVE-2021-45046.'
+    - '{% octicon "alert" aria-label="The alert icon" %} **严重：** Log4j 库中的远程执行代码漏洞（标识为 [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)）影响了 3.3.1 之前所有版本的 {% data variables.product.prodname_ghe_server %} 。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务中。此漏洞已在 {% data variables.product.prodname_ghe_server %} 版本 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复。更多信息请参阅 GitHub博客上的[这篇文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
+    - '**2021 年 12 月 17 日更新**：此版本的现有修补程序还缓解了在此版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需对 {% data variables.product.prodname_ghe_server %} 进行额外升级即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
   known_issues:
     - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command.
     - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。

translations/zh-CN/data/release-notes/enterprise-server/3-4/0.yml

@@ -152,6 +152,8 @@ sections:
     - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
     - Actions services needs to be restarted after restoring appliance from backup taken on a different host.
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
     - |
       When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
 

translations/zh-CN/data/release-notes/enterprise-server/3-4/1.yml

@@ -47,6 +47,8 @@ sections:
     - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
     - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
     - |
       When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
 

translations/zh-CN/data/release-notes/enterprise-server/3-4/2.yml

@@ -26,6 +26,8 @@ sections:
     - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
     - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
   deprecations:
     - 
       heading: 弃用 GitHub Enterprise Server 3.0

translations/zh-CN/data/release-notes/enterprise-server/3-4/3.yml

@@ -34,3 +34,5 @@ sections:
     - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
     - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]

translations/zh-CN/data/release-notes/enterprise-server/3-4/4.yml

@@ -26,6 +26,8 @@ sections:
     - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
     - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
     - |
       When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
 

translations/zh-CN/data/release-notes/enterprise-server/3-5/0.yml

@@ -293,6 +293,13 @@ sections:
     - |
       It is now possible for GitHub Apps to upload release assets.
   changes:
+    - |
+      Minimum requirements for root storage and memory increased for GitHub Enterprise Server 2.10 and 3.0, and are now enforced as of 3.5.0.
+
+        - In version 2.10, the minimum requirement for root storage increased from 80 GB to 200 GB. As of 3.5.0, system preflight checks will fail if the root storage is smaller than 80 GB.
+        - In version 3.0, the minimum requirement for memory increased to from 16 GB to 32 GB. As of 3.5.0, system preflight checks will fail if the system has less than 28 GB of memory.
+
+      For more information, see the minimum requirements for each supported deployment platform in "[Setting up a GitHub Enterprise Server instance](/enterprise-server/admin/installation/setting-up-a-github-enterprise-server-instance)." [Updated: 2022-06-20]
     - |
       To use the device authorization flow for OAuth and GitHub Apps, you must manually enable the feature. This change reduces the likelihood of apps being used in phishing attacks against GitHub Enterprise Server users by ensuring integrators are aware of the risks and make a conscious choice to support this form of authentication. If you own or manage an OAuth App or GitHub App and you want to use the device flow, you can enable it for your app via the app's settings page. The device flow API endpoints will respond with status code `400` to apps that have not enabled this feature. For more information, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
     - |
@@ -343,4 +350,4 @@ sections:
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
     - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
     - 'Deleted repositories will not be purged from disk automatically after the 90-day retention period ends. [Updated: 2022-06-08]'
-    - 'The Management Console cannot be accessed on an under-provisioned instance. [Updated: 2022-06-14]'
+    - 'Management Console may appear stuck on the _Starting_ screen after upgrading an under-provisioned instance to GitHub Enterprise Server 3.5. [Updated: 2022-06-20]'

translations/zh-CN/data/release-notes/enterprise-server/3-5/1.yml

@@ -30,3 +30,4 @@ sections:
     - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
     - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
     - 'Deleted repositories will not be purged from disk automatically after the 90-day retention period ends. This issue is resolved in the 3.5.1 release. [Updated: 2022-06-10]'
+    - 'Management Console may appear stuck on the _Starting_ screen after upgrading an under-provisioned instance to GitHub Enterprise Server 3.5. [Updated: 2022-06-20]'

translations/zh-CN/data/release-notes/github-ae/2021-06/2021-12-06.yml

@@ -1,63 +1,56 @@
----
 date: '2021-12-06'
-friendlyDate: '2021 年 12 月 6 日'
-title: '2021 年 12 月 6 日'
+friendlyDate: 'December 6, 2021'
+title: 'December 6, 2021'
 currentWeek: false
 sections:
   features:
-    - 
-      heading: '管理'
+    - heading: 'Administration'
       notes:
         - |
-          拥有 {% data variables.product.product_name %} 的有效或试用订阅的客户现在可以从 [Azure 门户](https://portal.azure.com/signin/index/) 预配 {% data variables.product.product_name %} 资源。Azure 订阅必须具有功能标记才能访问门户中的 {% data variables.product.product_name %} 资源。请联系客户经理或 {% data variables.contact.contact_enterprise_sales %} 以验证 Azure 订阅的资格。更多信息请参阅“[设置 {% data variables.product.prodname_ghe_managed %} 的试用版](/get-started/signing-up-for-github/setting-up-a-trial-of-github-ae#deploying-github-ae-with-the-azure-portal)”。
-    - 
-      heading: 'GitHub Actions'
+          Customers with active or trial subscriptions for {% data variables.product.product_name %} can now provision {% data variables.product.product_name %} resources from the [Azure Portal](https://portal.azure.com/signin/index/). Your Azure subscription must be feature-flagged to access {% data variables.product.product_name %} resources in the portal. Contact your account manager or {% data variables.contact.contact_enterprise_sales %} to validate your Azure subscription's eligibility. For more information, see "[Setting up a trial of {% data variables.product.prodname_ghe_managed %}](/get-started/signing-up-for-github/setting-up-a-trial-of-github-ae#deploying-github-ae-with-the-azure-portal)."
+    - heading: 'GitHub Actions'
       notes:
         - |
-          [GitHub Actions](https://github.com/features/actions) 现已正式发布，适用于 {% data variables.product.product_name %}。GitHub Actions 是一款功能强大、灵活的 CI/CD 和工作流程自动化解决方案。更多信息，请参阅“[GitHub Actions 简介](/actions/learn-github-actions/introduction-to-github-actions)”。
+          [GitHub Actions](https://github.com/features/actions) is now generally available for {% data variables.product.product_name %}. GitHub Actions is a powerful, flexible solution for CI/CD and workflow automation. For more information, see "[Introduction to GitHub Actions](/actions/learn-github-actions/introduction-to-github-actions)."
         - |
-          自托管运行器是 {% data variables.product.product_name %} 上的默认运行器系统类型，现在已正式可用于 GitHub Actions。使用自托管运行器，可以管理自己的计算机或容器，以执行 GitHub Actions 作业。更多信息请参阅“[关于自托管运行器](https://docs.github.com/en/github-ae@latest/actions/hosting-your-own-runners/about-self-hosted-runners)”和“[添加自托管运行器](/actions/hosting-your-own-runners/adding-self-hosted-runners)”。
+          Self-hosted runners are the default type of runner system on {% data variables.product.product_name %}, and are now generally available for GitHub Actions. With self-hosted runners, you can manage your own machines or containers for the execution of GitHub Actions jobs. For more information, see "[About self-hosted runners](https://docs.github.com/en/github-ae@latest/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
         - |
-          环境、环境保护规则和环境机密现已正式发布，可用于 {% data variables.product.product_name %} 上的 GitHub Actions。更多信息请参阅“[[Environments]](/actions/reference/environments)”。
+          Environments, environment protection rules, and environment secrets are now generally available for GitHub Actions on {% data variables.product.product_name %}. For more information, see "[Environments](/actions/reference/environments)."
         - |
-          GitHub Actions 现在可以在每次运行时生成工作流程的可视化图形。通过工作流程可视化，您可以实现以下目标。
+          GitHub Actions can now generate a visual graph of your workflow on every run. With workflow visualization, you can achieve the following.
 
-          - 查看和了解复杂的工作流程。
-          - 实时跟踪工作流程的进度。
-          - 通过轻松访问日志和作业元数据，快速对运行进行故障排除。
-          - 监控部署作业的进度并轻松访问部署目标。
+          - View and understand complex workflows.
+          - Track progress of workflows in real-time.
+          - Troubleshoot runs quickly by easily accessing logs and jobs metadata.
+          - Monitor progress of deployment jobs and easily access deployment targets.
 
-          更多信息请参阅“[使用可视化图](/actions/managing-workflow-runs/using-the-visualization-graph)”。
+          For more information, see "[Using the visualization graph](/actions/managing-workflow-runs/using-the-visualization-graph)."
         - |
-          GitHub Actions 现在允许您控制授予“GITHUB_TOKEN”密钥的权限。“GITHUB_TOKEN”是自动生成的密钥，可用于对 API 进行经过身份验证的调用，以用于工作流程运行中的 {% data variables.product.product_name %}。GitHub Actions 为每个作业生成一个新令牌，并在作业完成时使令牌过期。令牌对许多 [API 端点](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token) 具有“写入”权限，但来自复刻的拉取请求除外，这些请求始终是“读取”的。这些新设置允许您在工作流中遵循最小权限原则。更多信息请参阅“[工作流程中的身份验证](/actions/reference/authentication-in-a-workflow#modifying-the-permissions-for-the-github_token)”。
+          GitHub Actions now lets you control the permissions granted to the `GITHUB_TOKEN` secret. The `GITHUB_TOKEN` is an automatically generated secret that lets you make authenticated calls to the API for {% data variables.product.product_name %} in your workflow runs. GitHub Actions generates a new token for each job and expires the token when a job completes. The token has `write` permissions to a number of [API endpoints](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token) except in the case of pull requests from forks, which are always `read`. These new settings allow you to follow a principle of least privilege in your workflows. For more information, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#modifying-the-permissions-for-the-github_token)."
         - |
-          GitHub 操作现在支持通过在您的提交消息中寻找一些常见的关键字，以跳过 `push` 和 `pull_request` 工作流程。
+          GitHub Actions now supports skipping `push` and `pull_request` workflows by looking for some common keywords in your commit message.
         - |
           GitHub CLI 1.9 and later allows you to work with GitHub Actions in your terminal. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2021-04-15-github-cli-1-9-enables-you-to-work-with-github-actions-from-your-terminal/).
-    - 
-      heading: '代码扫描'
+
+    - heading: 'Code scanning'
       notes:
         - |
           Code scanning is now in beta for {% data variables.product.product_name %}. For more information, see "[About code scanning](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)."
-    - 
-      heading: '秘密扫描'
+    - heading: 'Secret scanning'
       notes:
         - |
           You can now specify your own patterns for secret scanning with the beta of custom patterns on {% data variables.product.product_name %}. You can specify patterns for repositories, organizations, and your entire enterprise. When you specify a new pattern, secret scanning searches a repository's entire Git history for the pattern, as well as any new commits. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
-    - 
-      heading: 'GitHub Connect'
+    - heading: 'GitHub Connect'
       notes:
         - |
           GitHub Connect is now available in beta for {% data variables.product.product_name %}. GitHub Connect brings the power of the world's largest open source community to {% data variables.product.product_location %}. You can allow users to view search results from {% data variables.product.prodname_dotcom_the_website %} on {% data variables.product.product_name %}, show contribution counts from {% data variables.product.product_name %} on {% data variables.product.prodname_dotcom_the_website %}, and use GitHub Actions from {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Managing connections between your enterprise accounts](/admin/configuration/managing-connections-between-your-enterprise-accounts)."
-    - 
-      heading: 'GitHub Packages'
+    - heading: 'GitHub Packages'
       notes:
         - |
           You can now delete any package or package version for GitHub Packages from {% data variables.product.product_name %}'s web UI. You can also undo the deletion of any package or package version within 30 days. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)."
         - |
           The npm registry for GitHub Packages and {% data variables.product.prodname_dotcom_the_website %} no longer returns a time value in metadata responses, providing substantial performance improvements. {% data variables.product.company_short %} will continue returning the time value in the future.
-    - 
-      heading: '审核日志'
+    - heading: 'Audit logging'
       notes:
         - |
           Events for pull requests and pull request reviews are now included in the audit log for both [enterprises](/admin/user-management/monitoring-activity-in-your-enterprise/audited-actions) and [organizations](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization). These events help administrators better monitor pull request activity and ensure security and compliance requirements are being met. Events can be viewed from the web UI, exported as CSV or JSON, or accessed via REST API. You can also search the audit log for specific pull request events.
@@ -66,8 +59,7 @@ sections:
 
           - A workflow is deleted or re-run.
           - A self-hosted runner's version is updated.
-    - 
-      heading: '身份验证'
+    - heading: 'Authentication'
       notes:
         - |
           GitHub AE now officially supports Okta for SAML single sign-on (SSO) and user provisioning with SCIM. You can also map groups in Okta to teams on GitHub AE. For more information, see "[Configuring authentication and provisioning for your enterprise using Okta](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)" and "[Mapping Okta groups to teams](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/mapping-okta-groups-to-teams)."
@@ -77,16 +69,14 @@ sections:
           You can now authenticate SSH connections to {% data variables.product.product_name %} using a FIDO2 security key by adding an `sk-ecdsa-sha2-nistp256@openssh.com` SSH key to your account. SSH security keys store secret key material on a separate hardware device that requires verification, such as a tap, to operate. Storing the key on separate hardware and requiring physical interaction for your SSH key offers additional security. Since the key is stored on hardware and is non-extractable, the key can't be read or stolen by software running on the computer. The physical interaction prevents unauthorized use of the key since the security key will not operate until you physically interact with it. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key)."
         - |
           Git Credential Manager (GCM) Core versions 2.0.452 and later now provide secure credential storage and multi-factor authentication support for {% data variables.product.product_name %}. GCM Core with support for {% data variables.product.product_name %} is included with [Git for Windows](https://gitforwindows.org) versions 2.32 and later. GCM Core is not included with Git for macOS or Linux, but can be installed separately. For more information, see the [latest release](https://github.com/microsoft/Git-Credential-Manager-Core/releases/) and [installation instructions](https://github.com/microsoft/Git-Credential-Manager-Core/releases/) in the `microsoft/Git-Credential-Manager-Core` repository.
-    - 
-      heading: '通知'
+    - heading: 'Notifications'
       notes:
         - |
           You can now configure which events you would like to be notified about on {% data variables.product.product_name %}. From any repository, select the {% octicon "file-code" aria-label="The code icon" %} **Watch** drop-down, then click **Custom**. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications)."
-    - 
-      heading: '议题和拉取请求'
+    - heading: 'Issues and pull requests'
       notes:
         - |
-          使用 [最新版本的 Octicons](https://github.com/primer/octicons/releases)，现在议题和拉取请求的状态在视觉上更加明显，因此您可以更轻松地扫描其状态。更多信息请参阅 [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2021-06-08-new-issue-and-pull-request-state-icons/)。
+          With the [latest version of Octicons](https://github.com/primer/octicons/releases), the states of issues and pull requests are now more visually distinct so you can scan status more easily. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2021-06-08-new-issue-and-pull-request-state-icons/).
         - |
           You can now see all pull request review comments in the **Files** tab for a pull request by selecting the  **Conversations** drop-down. You can also require that all pull request review comments are resolved before anyone merges the pull request. For more information, see "[About pull request reviews](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews#discovering-and-navigating-conversations)" and "[About protected branches](/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-conversation-resolution-before-merging)." For more information about management of branch protection settings with the API, see "[Branches](/rest/reference/branches#get-branch-protection)" in the REST API documentation and "[Mutations](/graphql/reference/mutations#createbranchprotectionrule)" in the GraphQL API documentation.
         - |
@@ -100,11 +90,11 @@ sections:
         - |
           To prevent the merge of unexpected changes after you enable auto-merge for a pull request, auto-merge is now disabled automatically when new changes are pushed by a user without write access to the repository. Users without write access can still update the pull request with changes from the base branch when auto-merge is enabled. To prevent a malicious user from using a merge conflict to introduce unexpected changes to the pull request, {% data variables.product.product_name %} will disable auto-merge for the pull request if the update causes a merge conflict. For more information about auto-merge, see "[Automatically merging a pull request](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)."
         - |
-          具有维护权限的人员现在可以管理存储库级别的“允许自动合并”设置。此设置（默认情况下处于关闭状态）控制自动合并是否可用于存储库中的拉取请求。以前，只有具有管理员权限的人员才能管理此设置。此外，现在可以通过使用“[创建存储库](/rest/reference/repos#create-an-organization-repository)" and "[Update a repository](/rest/reference/repos#update-a-repository)”REST API 来控制此设置。更多信息请参阅“[管理存储库中拉取请求的自动合并](/github/administering-a-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)”。
+          People with maintain access can now manage the repository-level "Allow auto-merge" setting. This setting, which is off by default, controls whether auto-merge is available on pull requests in the repository. Previously, only people with admin access could manage this setting. Additionally, this setting can now by controlled using the "[Create a repository](/rest/reference/repos#create-an-organization-repository)" and "[Update a repository](/rest/reference/repos#update-a-repository)" REST APIs. For more information, see "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)."
         - |
-          针对议题和拉取请求的受理人选择现在支持提前键入搜索，以便您可以更快地在组织中查找用户。此外，搜索结果排名已更新为首选用户的用户名或个人资料名称开头的匹配项。
-    - 
-      heading: '仓库'
+          The assignees selection for issues and pull requests now supports type ahead searching so you can find users in your organization faster. Additionally, search result rankings have been updated to prefer matches at the start of a person's username or profile name.
+
+    - heading: 'Repositories'
       notes:
         - |
           When viewing the commit history for a file, you can now click {% octicon "file-code" aria-label="The code icon" %} to view the file at the specified time in the repository's history.
@@ -118,18 +108,15 @@ sections:
           When you define a submodule in {% data variables.product.product_location %} with a relative path, the submodule is now clickable in the web UI. Clicking the submodule in the web UI will take you to the linked repository. Previously, only submodules with absolute URLs were clickable. Relative paths for repositories with the same owner that follow the pattern <code>../<em>REPOSITORY</em></code> or relative paths for repositories with a different owner that follow the pattern <code>../<em>OWNER</em>/<em>REPOSITORY</em></code> are supported. For more information about working with submodules, see [Working with submodules](https://github.blog/2016-02-01-working-with-submodules/) on {% data variables.product.prodname_blog %}.
         - |
           By precomputing checksums, the amount of time a repository is under lock has reduced dramatically, allowing more write operations to succeed immediately and improving monorepo performance.
-    - 
-      heading: '版本发布'
+    - heading: 'Releases'
       notes:
         - |
           You can now react with emoji to all releases on {% data variables.product.product_name %}. For more information, see "[About releases](/github/administering-a-repository/releasing-projects-on-github/about-releases)."
-    - 
-      heading: '主题'
+    - heading: 'Themes'
       notes:
         - |
           Dark and dark dimmed themes are now available for the web UI. {% data variables.product.product_name %} will match your system preferences when you haven't set theme preferences in {% data variables.product.product_name %}. You can also customize the themes that are active during day and night. For more information, see "[Managing your theme settings](/github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)."
-    - 
-      heading: 'Markdown'
+    - heading: 'Markdown'
       notes:
         - |
           Markdown files in your repositories now automatically generate a table of contents in the header the file has two or more headings. The table of contents is interactive and links to the corresponding section. All six Markdown heading levels are supported. For more information, see "[About READMEs](/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-readmes#auto-generated-table-of-contents-for-readme-files)."
@@ -139,13 +126,11 @@ sections:
           While editing Markdown in files, issues, pull requests, or comments, you can now use a keyboard shortcut to insert a code block. The keyboard shortcut is <kbd>command</kbd> + <kbd>E</kbd> on a Mac or <kbd>Ctrl</kbd> + <kbd>E</kbd> on other devices. For more information, see "[Basic writing and formatting syntax](/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)."
         - |
           You can append `?plain=1` to the URL for any Markdown file to display the file without rendering and with line numbers. You can use the plain view to link other users to specific lines. For example, appending `?plain=1#L52` will highlight line 52 of a plain text Markdown file. For more information, "[Creating a permanent link to a code snippet](/github/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet#linking-to-markdown)."
-    - 
-      heading: 'GitHub 应用程序'
+    - heading: 'GitHub Apps'
       notes:
         - |
           API requests to create an installation access token now respect IP allow lists for an enterprise or organization. Any API requests made with an installation access token for a GitHub App installed on your organization already respect IP allow lists. This feature does not currently consider any Azure network security group (NSG) rules that {% data variables.product.company_short %} Support has configured for {% data variables.product.product_location %}. For more information, see "[Restricting network traffic to your enterprise](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise#about-ip-allow-lists)," "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization)," and  "[Apps](https://docs.github.com/en/rest/reference/apps#create-an-installation-access-token-for-an-app)" in the REST API documentation.
-    - 
-      heading: 'Web 挂钩'
+    - heading: 'Webhooks'
       notes:
         - |
           You can now programmatically resend or check the status of webhooks through the REST API. For more information, see "[Repositories](https://docs.github.com/en/rest/reference/repos#webhooks)," "[Organizations](https://docs.github.com/en/rest/reference/orgs#webhooks)," and "[Apps](https://docs.github.com/en/rest/reference/apps#webhooks)" in the REST API documentation.

translations/zh-CN/data/release-notes/github-ae/2022-05/2022-05-17.yml

@@ -35,9 +35,9 @@ sections:
       heading: 'Dependabot 警报'
       notes:
         - |
-          Dependabot alerts can now notify you of vulnerabilities in your dependencies on GitHub AE. You can enable Dependabot alerts by enabling the dependency graph, enabling GitHub Connect, and syncing vulnerabilities from the GitHub Advisory Database. This feature is in beta and subject to change. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)."
+          Dependabot alerts can now notify you of vulnerabilities in your dependencies on GitHub AE. You can enable Dependabot alerts by enabling the dependency graph, enabling GitHub Connect, and syncing vulnerabilities from the GitHub Advisory Database. This feature is in beta and subject to change. For more information, see "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
 
-          After you enable Dependabot alerts, members of your organization will receive notifications any time a new vulnerability that affects their dependencies is added to the GitHub Advisory Database or a vulnerable dependency is added to their manifest. Members can customize notification settings. For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies)." <!-- ⚠️ Articles will be available when we toggle content feature flags -->
+          After you enable Dependabot alerts, members of your organization will receive notifications any time a new vulnerability that affects their dependencies is added to the GitHub Advisory Database or a vulnerable dependency is added to their manifest. Members can customize notification settings. For more information, see "[Configuring notifications for % data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)." <!-- ⚠️ Articles will be available when we toggle content feature flags -->
     - 
       heading: 'Security manager role for organizations'
       notes:

translations/zh-CN/data/reusables/accounts/accounts-billed-separately.md

@@ -1 +1 @@
-Each account on {% data variables.product.product_name %} is billed separately. Upgrading an organization account enables paid features for the organization's repositories only and does not affect the features available in repositories owned by any associated personal accounts. Similarly, upgrading a personal account enables paid features for the personal account's repositories only and does not affect the repositories of any organization accounts. 有关帐户类型的详细信息，请参阅“[{% data variables.product.prodname_dotcom %} 帐户类型](/get-started/learning-about-github/types-of-github-accounts)”。
+{% data variables.product.product_name %} 上的每个帐户都单独计费。 升级组织帐户仅允许为组织的仓库启用付费功能，而不会影响任何关联个人帐户拥有的仓库中可用的功能。 同样，升级个人帐户仅允许个人帐户的存储库的付费功能，而不会影响任何组织帐户的存储库。 有关帐户类型的详细信息，请参阅“[{% data variables.product.prodname_dotcom %} 帐户类型](/get-started/learning-about-github/types-of-github-accounts)”。

translations/zh-CN/data/reusables/actions/about-artifact-log-retention.md

@@ -6,7 +6,7 @@
 - 对于公共仓库：您可以将此保留期更改为 1 至 90 天。
 - 对于私有{% ifversion ghec %} 和内部{% endif %} 存储库：您可以将此保留期更改为 1 天或 400 天之间的任何保留期。
 {%- else %}
-You can change this retention period to anywhere between 1 day or 400 days.
+您可以将此保留期更改为 1 至 400 天。
 {%- endif %}
 
 自定义保留期时，它仅适用于新构件和日志文件，并且不追溯性地应用于现有对象。 对于托管的仓库和组织，最长保留期不能超过管理组织或企业设置的限制。

translations/zh-CN/data/reusables/actions/create-azure-app-plan.md

@@ -13,5 +13,5 @@
 
    请查看 Azure 文档以了解更多有关使用 [Azure CLI](https://docs.microsoft.com/cli/azure/) 的信息：
 
-   * For authentication, see "[Sign in with Azure CLI](https://docs.microsoft.com/cli/azure/authenticate-azure-cli)."
+   * 有关身份验证，请参阅“[使用 Azure CLI 登录](https://docs.microsoft.com/cli/azure/authenticate-azure-cli)”。
    * 如果需要创建新的资源组，请参阅“[az 组](https://docs.microsoft.com/cli/azure/group?view=azure-cli-latest#az_group_create)”。

translations/zh-CN/data/reusables/actions/workflows/section-run-on-specific-branches-or-tags.md

@@ -7,7 +7,7 @@ Use the `tags` filter when you want to include tag name patterns or when you wan
 
 If you define only `tags`/`tags-ignore` or only `branches`/`branches-ignore`, the workflow won't run for events affecting the undefined Git ref. If you define neither  `tags`/`tags-ignore` or `branches`/`branches-ignore`, the workflow will run for events affecting either branches or tags. If you define both `branches`/`branches-ignore` and [`paths`](#onpushpull_requestpull_request_targetpathspaths-ignore), the workflow will only run when both filters are satisfied.
 
-`branches`、`branches-ignore`、`tags` 和 `tags-ignore` 关键词接受使用 `*`、`**`、`+`、`?`、`!` 等字符匹配多个分支或标记名称的 glob 模式。 If a name contains any of these characters and you want a literal match, you need to *escape* each of these special characters with `\`. 有关 glob 模式的更多信息，请参阅“[过滤器模式备忘清单](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)”。
+`branches`、`branches-ignore`、`tags` 和 `tags-ignore` 关键词接受使用 `*`、`**`、`+`、`?`、`!` 等字符匹配多个分支或标记名称的 glob 模式。 如果名称包含其中任一字符，而您想要逐字匹配，则需要使用 `\` *转义*每个特殊字符。 有关 glob 模式的更多信息，请参阅“[过滤器模式备忘清单](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)”。
 
 #### 示例：包括分支和标记
 

translations/zh-CN/data/reusables/actions/workflows/section-specifying-branches.md

@@ -1,9 +1,9 @@
 
-When using the `workflow_run` event, you can specify what branches the triggering workflow must run on in order to trigger your workflow.
+使用 `workflow_run` 事件时，可以指定触发工作流程必须在哪些分支上运行才能触发工作流程。
 
-The `branches` and `branches-ignore` filters accept glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. If a name contains any of these characters and you want a literal match, you need to *escape* each of these special characters with `\`. 有关 glob 模式的更多信息，请参阅“[过滤器模式备忘清单](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)”。
+`branches` 和 `branches-ignore` 筛选器接受使用 `*`、`**`、`+`、`?`、`!` 等字符的 glob 模式来匹配多个分支名称。 如果名称包含其中任一字符，而您想要逐字匹配，则需要使用 `\` *转义*每个特殊字符。 有关 glob 模式的更多信息，请参阅“[过滤器模式备忘清单](/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)”。
 
-For example, a workflow with the following trigger will only run when the workflow named `Build` runs on a branch whose name starts with `releases/`:
+例如，仅当名为 `Build` 的工作流程在名称以 `releases/` 开头的分支上运行时，具有以下触发器的工作流程才会运行：
 
 ```yaml
 on:

translations/zh-CN/data/reusables/advanced-security/getting-the-most-from-your-license.md

@@ -1,6 +1,6 @@
 当您决定哪些仓库和组织优先用于 {% data variables.product.prodname_GH_advanced_security %} 时，应该查看它们并识别：
 
-- 对公司成功至关重要的代码库。 在这些项目中，引入了易受攻击代码、硬编码的密钥或易受攻击的依赖项，将对您的公司将产生最大的影响。
+- 对公司成功至关重要的代码库。 These are the projects for which the introduction of vulnerable code, hard-coded secrets, or insecure dependencies would have the greatest impact on your company.
 - 提交频率最高的代码库。 这些是最积极开发的项目，因此出现安全问题的风险较高。
 
 对这些组织或仓库启用 {% data variables.product.prodname_GH_advanced_security %} 后，评估您可以添加哪些其他代码库，而不会对唯一提交者产生计费。 最后，查看其余重要和繁忙的代码库。 {% ifversion fpt or ghes or ghec %}如果您想增加许可证中的席位数，请联系 {% data variables.contact.contact_enterprise_sales %}。{% endif %}

translations/zh-CN/data/reusables/advanced-security/security-feature-availability.md

@@ -1 +1 @@
-Some features are available for {% ifversion ghes or ghae %}all repositories{% elsif fpt or ghec %}repositories on all plans{% endif %}. Additional features are available to enterprises that use {% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt or ghec %}{% data variables.product.prodname_GH_advanced_security %} features are also enabled for all public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} {% data reusables.advanced-security.more-info-ghas %}
+某些功能可用于{% ifversion ghes or ghae %}所有存储库{% elsif fpt or ghec %}所有计划的存储库{% endif %}。 其他功能可供使用 {% data variables.product.prodname_GH_advanced_security %} 的企业使用。 {% ifversion fpt or ghec %}{% data variables.product.prodname_GH_advanced_security %} 功能也为 {% data variables.product.prodname_dotcom_the_website %} 上的所有公共存储库启用。{% endif %} {% data reusables.advanced-security.more-info-ghas %}

translations/zh-CN/data/reusables/advisory-database/beta-malware-advisories.md

@@ -0,0 +1,5 @@
+{% note %}
+
+**Note:** Advisories for malware are currently in beta and subject to change.
+
+{% endnote %}