mirror of synced 2025-12-19 18:10:59 -05:00

Dependabot org-level private registries (#56714)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Jake Coffman
2025-07-22 12:29:27 -05:00
committed by GitHub
parent 77744a9703
commit 596e626d66
2 changed files with 8 additions and 2 deletions


@@ -33,7 +33,13 @@ For specific ecosystems, you can configure {% data variables.product.prodname_de
## Configuring private registries
You configure {% data variables.product.prodname_dependabot %}'s access to private registries in the `dependabot.yml` file.
{% ifversion org-private-registry %}
You can configure {% data variables.product.prodname_dependabot %}'s access to private registries at the org-level. For more information on how to configure that, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries).
{% endif %}
You can also configure {% data variables.product.prodname_dependabot %}'s access to private registries in the `dependabot.yml` file.
The top-level `registries` key is optional and specifies authentication details.
{% data reusables.dependabot.dependabot-updates-registries %}
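
Review bot: The `{% ifversion org-private-registry %}` block wraps only the org-level sentence, while the following sentence, "You can also configure ... in the `dependabot.yml` file", sits outside it. On versions where the feature flag is off, the section will open with "You can also configure" and nothing before it. Consider keeping the original "You configure ..." sentence in an `{% else %}` branch, or moving the "also" wording inside the versioned block. Two smaller points: "org-level" should probably be "organization-level" to match the wording the other file in this commit used, and "For more information on how to configure that, see" reads better as "For more information, see". The paragraph also does not say which definition is used when a registry is configured both at the organization level and in `dependabot.yml`; a sentence stating that would help readers decide where credentials should live.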


@@ -59,7 +59,7 @@ Any private registries used by the build must also be accessible to the workflow
## {% data variables.product.prodname_dependabot %} updates access to private registries
{% data variables.product.prodname_dependabot %} uses any private registries defined in the `dependabot.yml` file. It does not have access to the organization-level private registries used by {% data variables.product.prodname_code_scanning %} default setup.
{% data variables.product.prodname_dependabot %} can use any of the org-level private registries, as well as uses any private registries defined in the `dependabot.yml` file in the repo.
{% data variables.product.prodname_dependabot %} cannot check for security or version updates for code stored in a private registry unless it can access the registry. If you do not configure access to the private registry, then {% data variables.product.prodname_dependabot %} cannot raise pull requests to update any of the dependencies stored in the registry.
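
Review bot: The replacement sentence "can use any of the org-level private registries, as well as uses any private registries defined in the `dependabot.yml` file in the repo" is not version-gated, whereas the matching change in the other file is wrapped in `{% ifversion org-private-registry %}`. On versions without that feature, the removed statement ("It does not have access to the organization-level private registries ...") is presumably still the accurate one, so this should be split into `ifversion` / `else` branches. The sentence also has a grammar slip ("as well as uses"); suggest "can use any organization-level private registries, as well as any private registries defined in the repository's `dependabot.yml` file", which also restores the "organization-level" and "repository" wording used in the surrounding text.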