From 3f69c961d838a0c2656e54c12ecee693e6e3181a Mon Sep 17 00:00:00 2001
From: Sophie <29382425+sophietheking@users.noreply.github.com>
Date: Tue, 28 Feb 2023 09:49:41 +0100
Subject: [PATCH] [2023-02-23]: GHEC: Dependabot Alerts enablement at the enterprise level - [GA] (#34978)
---
.../configuring-dependabot-alerts.md | 39 ++++++++++++++-----
...analysis-settings-for-your-organization.md | 16 ++++++--
...d-analysis-settings-for-your-repository.md | 32 +++++++++------
...ependabot-alerts-enterprise-enablement.yml | 4 ++
4 files changed, 67 insertions(+), 24 deletions(-)
create mode 100644 data/features/dependabot-alerts-enterprise-enablement.yml
diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
index 61c0f3c7f4..487a4782ae 100644
--- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
+++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md
@@ -19,14 +19,15 @@ topics:
 ## About {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} and malware{% endif %}
-{% data reusables.repositories.a-vulnerability-is %}
+{% data reusables.repositories.a-vulnerability-is %}
 {% data variables.product.prodname_dependabot %} scans code when a new advisory is added to the {% data variables.product.prodname_advisory_database %} or the dependency graph for a repository changes. When vulnerable dependencies{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} are detected, {% data variables.product.prodname_dependabot_alerts %} are generated. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
 You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for:
 * Your personal account
 * Your repository
-* Your organization
+* Your organization{% ifversion dependabot-alerts-enterprise-enablement %}
+* Your enterprise{% endif %}
 ## Managing {% data variables.product.prodname_dependabot_alerts %} for your personal account
@@ -38,11 +39,11 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts %
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security-analysis %}
-3. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
+1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
 ![Screenshot of "Configure security and analysis" features with "Enable all" or "Disable all" buttons emphasized](/assets/images/help/dependabot/dependabot-alerts-disable-or-enable-all.png)
-4. Optionally, enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories that you create.
+1. Optionally, enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories that you create.
 ![Screenshot of "Enable Dependabot alerts" with "Enable by default for new private repositories" checkbox emphasized](/assets/images/help/dependabot/dependabot-alerts-enable-by-default.png)
-5. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories you own.
+1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories you own.
 ![Screenshot of "Enable Dependabot alerts" with "Enable Dependabot alerts" button emphasized](/assets/images/help/dependabot/dependabot-alerts-enable-dependabot-alerts.png)
 When you enable {% data variables.product.prodname_dependabot_alerts %} for existing repositories, you will see any results displayed on GitHub within minutes.
@@ -72,7 +73,7 @@ By default, we notify people with admin permissions in the affected repositories
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts.
+1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts.
 ![Screenshot of "Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/security-and-analysis-disable-or-enable-fpt-private.png)
 {% endif %}{% ifversion ghes or ghae %}
@@ -87,7 +88,7 @@ By default, we notify people with admin permissions in the affected repositories
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.security-and-analysis %}
-2. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
+1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
 {% ifversion fpt or ghec %}
 ![Screenshot of "Configure security and analysis" features with the "Enable all" or "Disable all" button emphasized for Dependabot alerts](/assets/images/help/dependabot/dependabot-alerts-disable-or-enable-fpt.png)
 {% endif %}
@@ -95,16 +96,34 @@ By default, we notify people with admin permissions in the affected repositories
 !["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/enterprise/github-ae/organizations/security-and-analysis-disable-or-enable-all-ghae.png)
 {% endif %}
 {% ifversion fpt or ghec %}
-3. Optionally, enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization.
+1. Optionally, enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization.
 {% ifversion fpt or ghec %}
 ![Screenshot of "Enable by default" option for new repositories](/assets/images/help/dependabot/dependabot-alerts-enable-by-default-organizations.png)
 {% endif %}
-
 {% endif %}
 {% ifversion fpt or ghec %}
-4. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
+1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
 {% ifversion fpt or ghec %}
 ![Screenshot of "Enable Dependabot alerts" modal with button to disable or enable feature emphasized](/assets/images/help/dependabot/dependabot-alerts-enable-dependabot-alerts-organizations.png)
 {% endif %}{% endif %}{% endif %}{% ifversion ghes or ghae %}
 {% data variables.product.prodname_dependabot_alerts %} for your organization can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
 {% endif %}
+
+{% ifversion dependabot-alerts-enterprise-enablement %}
+
+## Managing {% data variables.product.prodname_dependabot_alerts %} for your enterprise
+
+You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all current and future repositories owned by organizations in your enterprise. Your changes affect all repositories.
+
+{% note %}
+
+**Note:** When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}.
+
+{% endnote%}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security and analysis**.
+1. In the "{% data variables.product.prodname_dependabot %}" section, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
+1. Optionally, select **Automatically enable for new repositories** to enable {% data variables.product.prodname_dependabot_alerts %} by default for your organizations' new repositories.
+{% endif %}
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
index 9fc7e5f94c..04d9696cab 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
@@ -63,6 +63,16 @@ You can enable or disable features for all repositories.
 {% endnote %}
 {% endif %}
+{% ifversion dependabot-alerts-enterprise-enablement %}
+
+{% note %}
+
+**Note:** When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization level settings for {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts#managing-dependabot-alerts-for-your-enterprise)."
+
+{% endnote %}
+
+{% endif %}
+
 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
 2. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all**. {% ifversion ghes or ghec %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
 {% ifversion fpt %}
@@ -80,17 +90,17 @@ You can enable or disable features for all repositories.
 {% ifversion fpt or ghec %}
 3. Optionally, enable the feature by default for new repositories in your organization.
 {% ifversion fpt or ghec %}
- !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-enable-by-default-in-modal.png)
+ !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-enable-by-default-in-modal.png)
 {% endif %}
 {% endif %}
 {% ifversion fpt or ghec %}
-4. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization.
+2. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization.
 {% ifversion fpt or ghec %}
 ![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png)
 {% endif %}
 {% endif %}
 {% ifversion ghae or ghes %}
-5. Click **Enable/Disable all** or **Enable/Disable for eligible repositories** to confirm the change.
+3. Click **Enable/Disable all** or **Enable/Disable for eligible repositories** to confirm the change.
 ![Button to enable feature for all the eligible repositories in the organization](/assets/images/enterprise/github-ae/organizations/security-and-analysis-enable-secret-scanning-existing-repos-ghae.png)
 {% endif %}
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
index ad6ffaf162..62eb65e056 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
@@ -24,6 +24,17 @@ topics:
 - Repositories
 shortTitle: Security & analysis
 ---
+
+{% ifversion dependabot-alerts-enterprise-enablement %}
+
+{% note %}
+
+**Note:** When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the repository level settings for {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts#managing-dependabot-alerts-for-your-enterprise)."
+
+{% endnote %}
+
+{% endif %}
+
 {% ifversion fpt or ghec %}
 ## Enabling or disabling security and analysis features for public repositories
@@ -51,7 +62,7 @@ You can manage the security and analysis features for your {% ifversion fpt or g
 ![Screenshot of "Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-fpt-private.png){% elsif ghec %}
 ![Screenshot of "Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-ghec-private.png){% elsif ghes > 3.6 or ghae > 3.6 %}
 ![Screenshot of "Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %}
-
+
 {% ifversion not fpt %}
 {% note %}
@@ -82,16 +93,16 @@ Organization owners and repository administrators can only grant access to view
 {% ifversion fpt or ghec or ghes %}
 ![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
 {% endif %}
- 
+
 {% ifversion ghae %}
 ![Search field for granting people or teams access to security alerts](/assets/images/enterprise/github-ae/repository/security-and-analysis-security-alerts-person-or-team-search-ghae.png)
 {% endif %}
-
+
 2. Click **Save changes**.
 {% ifversion fpt or ghes or ghec %}
 !["Save changes" button for changes to security alert settings](/assets/images/help/repository/security-and-analysis-security-alerts-save-changes.png)
 {% endif %}
- 
+
 {% ifversion ghae %}
 !["Save changes" button for changes to security alert settings](/assets/images/enterprise/github-ae/repository/security-and-analysis-security-alerts-save-changes-ghae.png)
 {% endif %}
@@ -101,13 +112,12 @@ Organization owners and repository administrators can only grant access to view
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-4. Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click {% octicon "x" aria-label="X symbol" %}.
-   {% ifversion fpt or ghec or ghes %}
-   !["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
-   {% endif %}
-
- {% ifversion ghae %}
-   !["x" button to remove someone's access to security alerts for your repository](/assets/images/enterprise/github-ae/repository/security-and-analysis-security-alerts-username-x-ghae.png)
+4. Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click {% octicon "x" aria-label="X symbol" %}.{% ifversion fpt or ghec or ghes %}
+ !["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
+ {% endif %}{% ifversion ghae %}
+ !["x" button to remove someone's access to security alerts for your repository](/assets/images/enterprise/github-ae/repository/security-and-analysis-security-alerts-username-x-ghae.png)
 {% endif %}
 5. Click **Save changes**.
diff --git a/data/features/dependabot-alerts-enterprise-enablement.yml b/data/features/dependabot-alerts-enterprise-enablement.yml
new file mode 100644
index 0000000000..81eab6f26a
--- /dev/null
+++ b/data/features/dependabot-alerts-enterprise-enablement.yml
@@ -0,0 +1,4 @@
+# Reference: issue #9651
+# Dependabot Alerts enablement at the enterprise level
+versions:
+ ghec: '*'