From 5d68a14c2f670ccb3949e9a42f86c422cd0a293d Mon Sep 17 00:00:00 2001 From: Jules Parker <19994093+jules-p@users.noreply.github.com> Date: Mon, 29 Aug 2022 15:58:56 +0200 Subject: [PATCH 1/5] updates supported repos section --- ...configuring-dependabot-security-updates.md | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index c54d3d47c1..81a1971a50 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -30,7 +30,7 @@ topics: ## About configuring {% data variables.product.prodname_dependabot_security_updates %} -You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." +You can enable {% data variables.product.prodname_dependabot_security_updates %} at the repository level or for all repositories owned by your personal account or organization. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." You can disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository or for all repositories owned by your personal account or organization. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)" below. @@ -38,21 +38,9 @@ You can disable {% data variables.product.prodname_dependabot_security_updates % ## Supported repositories -{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for every repository that meets these prerequisites. +{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for newly created repositories if your personal account or organization has enabled **Automatically enable for new repositories** for {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." -{% note %} - -**Note**: You can manually enable {% data variables.product.prodname_dependabot_security_updates %}, even if the repository doesn't meet some of the prerequisites below. For example, you can enable {% data variables.product.prodname_dependabot_security_updates %} on a fork, or for a package manager that isn't directly supported by following the instructions in "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)." - -{% endnote %} - -| Automatic enablement prerequisite | More information | -| ----------------- | ----------------------- | -| Repository is not a fork | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" | -| Repository is not archived | "[Archiving repositories](/github/creating-cloning-and-archiving-repositories/archiving-repositories)" |{% ifversion fpt or ghec %} -| Repository is public, or repository is private and you have enabled read-only analysis by {% data variables.product.prodname_dotcom %}, dependency graph, and vulnerability alerts in the repository's settings | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)." |{% endif %} -| Repository contains dependency manifest file from a package ecosystem that {% data variables.product.prodname_dotcom %} supports | "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" | -| {% data variables.product.prodname_dependabot_security_updates %} are not disabled for the repository | "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repository](#managing-dependabot-security-updates-for-your-repositories)" | +If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. For more information on enabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository, see "[Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository](s#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository)." If security updates are not enabled for your repository and you don't know why, first try enabling them using the instructions given in the procedural sections below. If security updates are still not working, you can contact {% data variables.contact.contact_support %}. @@ -60,7 +48,6 @@ If security updates are not enabled for your repository and you don't know why, You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository (see below). - You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories owned by your personal account or organization. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." {% data variables.product.prodname_dependabot_security_updates %} require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)." From 1c9a61ca1fa02e92a28546c4a03b7ae642d124e2 Mon Sep 17 00:00:00 2001 From: Jules Parker <19994093+jules-p@users.noreply.github.com> Date: Mon, 29 Aug 2022 16:48:43 +0200 Subject: [PATCH 2/5] fix typo --- .../configuring-dependabot-security-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 81a1971a50..e87b53c8bc 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -40,7 +40,7 @@ You can disable {% data variables.product.prodname_dependabot_security_updates % {% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for newly created repositories if your personal account or organization has enabled **Automatically enable for new repositories** for {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." -If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. For more information on enabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository, see "[Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository](s#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository)." +If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. For more information on enabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository, see "[Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository](#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository)." If security updates are not enabled for your repository and you don't know why, first try enabling them using the instructions given in the procedural sections below. If security updates are still not working, you can contact {% data variables.contact.contact_support %}. From 761b0a16a34a3dc09e3d07e9e9a9ec32ba8c3fde Mon Sep 17 00:00:00 2001 From: Jules Parker <19994093+jules-p@users.noreply.github.com> Date: Thu, 1 Sep 2022 16:56:16 +0200 Subject: [PATCH 3/5] updates from cd plan --- .../configuring-dependabot-security-updates.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index e87b53c8bc..ebd0e98447 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -38,7 +38,7 @@ You can disable {% data variables.product.prodname_dependabot_security_updates % ## Supported repositories -{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for newly created repositories if your personal account or organization has enabled **Automatically enable for new repositories** for {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." +{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for newly created repositories if your personal account or organization has enabled **Automatically enable for new repositories** for {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)." If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. For more information on enabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository, see "[Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository](#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository)." @@ -46,11 +46,11 @@ If security updates are not enabled for your repository and you don't know why, ## Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories -You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository (see below). +You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all qualifying repositories owned by your personal account or organization. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." -You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories owned by your personal account or organization. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." +{% data variables.product.prodname_dependabot_security_updates %} enabled at the personal or organization account level require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)." -{% data variables.product.prodname_dependabot_security_updates %} require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)." +You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository. ### Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository From b38ef39324abd748ebf70810f931c77403780a06 Mon Sep 17 00:00:00 2001 From: Jules <19994093+jules-p@users.noreply.github.com> Date: Tue, 13 Sep 2022 11:44:08 +0200 Subject: [PATCH 4/5] Update configuring-dependabot-security-updates.md --- .../configuring-dependabot-security-updates.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index ebd0e98447..bfade28dee 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -48,8 +48,6 @@ If security updates are not enabled for your repository and you don't know why, You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all qualifying repositories owned by your personal account or organization. For more information, see "[Managing security and analysis settings for your personal account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)." -{% data variables.product.prodname_dependabot_security_updates %} enabled at the personal or organization account level require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)." - You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository. ### Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository From a52d4db6e0f9643bd6b8f8d5acfac60d181ad8e5 Mon Sep 17 00:00:00 2001 From: Jules <19994093+jules-p@users.noreply.github.com> Date: Tue, 13 Sep 2022 11:48:49 +0200 Subject: [PATCH 5/5] Update configuring-dependabot-security-updates.md --- .../configuring-dependabot-security-updates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index bfade28dee..9aa2d56b0c 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -32,7 +32,7 @@ topics: You can enable {% data variables.product.prodname_dependabot_security_updates %} at the repository level or for all repositories owned by your personal account or organization. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)." -You can disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository or for all repositories owned by your personal account or organization. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)" below. +You can disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository or for all repositories owned by your personal account or organization. {% ifversion fpt or ghec %}{% data reusables.dependabot.dependabot-tos %}{% endif %} @@ -40,7 +40,7 @@ You can disable {% data variables.product.prodname_dependabot_security_updates % {% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for newly created repositories if your personal account or organization has enabled **Automatically enable for new repositories** for {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)." -If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. For more information on enabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository, see "[Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository](#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository)." +If you create a fork of a repository that has security updates enabled, {% data variables.product.prodname_dotcom %} will automatically disable {% data variables.product.prodname_dependabot_security_updates %} for the fork. You can then decide whether to enable {% data variables.product.prodname_dependabot_security_updates %} on the specific fork. If security updates are not enabled for your repository and you don't know why, first try enabling them using the instructions given in the procedural sections below. If security updates are still not working, you can contact {% data variables.contact.contact_support %}.