GitHub AE May 2022 update (#27179)

Matt Pollard
2022-05-17 16:59:26 +02:00
committed by GitHub
parent 7e3ca865eb
commit 52f7aaf271
80 changed files with 364 additions and 163 deletions


@@ -20,7 +20,7 @@ topics:
The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
{% ifversion fpt or ghes or ghae or ghec %}
## Available for all repositories
{% endif %}
### Security policy
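Review bot: in the guard above `## Available for all repositories`, the widened condition `fpt or ghes or ghae or ghec` lists every plan that appears in this file's conditions, so the `ifversion`/`endif` pair around the heading now looks always true. Consider removing the wrapper rather than widening it, or confirm which version it still has to exclude.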
@@ -41,7 +41,7 @@ View alerts about dependencies that are known to contain security vulnerabilitie
and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
{% endif %}
{% ifversion ghes < 3.3 or ghae-issue-4864 %}
{% ifversion ghes < 3.3 or ghae %}
### {% data variables.product.prodname_dependabot_alerts %}
{% data reusables.dependabot.dependabot-alerts-beta %}
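Review bot: with `ghes < 3.3 or ghae`, the `### Dependabot alerts` section and the `{% data reusables.dependabot.dependabot-alerts-beta %}` include under it are shown on all of GitHub AE instead of behind `ghae-issue-4864`. The reusable's contents are not part of this hunk, so please check that any condition inside it was moved off the issue flag too and that its beta wording is still what GitHub AE should display.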
@@ -55,7 +55,7 @@ View alerts about dependencies that are known to contain security vulnerabilitie
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
{% endif %}
{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
{% ifversion fpt or ghes or ghae or ghec %}
### Dependency graph
The dependency graph allows you to explore the ecosystems and packages that your repository depends on and the repositories and packages that depend on your repository.
@@ -100,13 +100,13 @@ Available only with a license for {% data variables.product.prodname_GH_advanced
Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, so that you know which tokens or credentials to treat as compromised. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-advanced-security)."
{% endif %}
{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %}
{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
### Dependency review
Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
{% endif %}
{% ifversion ghec or ghes > 3.1 or ghae-issue-4554 %}
{% ifversion ghec or ghes > 3.1 or ghae %}
### Security overview for organizations{% ifversion ghec or ghes > 3.4 or ghae-issue-6199 %}, enterprises,{% endif %} and teams
{% ifversion ghec %}
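Review bot: the `### Security overview for organizations` heading keeps `ghae-issue-6199` in its inline condition while the guard directly above it moves from `ghae-issue-4554` to `ghae`. If that is deliberate, GitHub AE readers get the heading without ", enterprises,", so please confirm it. This hunk also retires two different flags (`ghae-issue-4864` on dependency review and `ghae-issue-4554` on security overview), which is worth stating in the commit description so each can be traced to its feature.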