diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index 211f5fd91b..e9abf98e40 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -651,7 +651,11 @@ updates: ### `registries` -To allow {% data variables.product.prodname_dependabot %} to access a private package registry when performing a version update, you must include a `registries` setting within the relevant `updates` configuration. {% data reusables.dependabot.dependabot-updates-registries %} For more information, see "[Configuration options for private registries](#configuration-options-for-private-registries)" below. +To allow {% data variables.product.prodname_dependabot %} to access a private package registry when performing a version update, you must include a `registries` setting within the relevant `updates` configuration. + +{% data reusables.dependabot.dependabot-updates-registries %} + +For more information, see "[Configuration options for private registries](#configuration-options-for-private-registries)" below. {% data reusables.dependabot.advanced-private-registry-config-link %} diff --git a/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md b/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md index 6b63d7b04d..337bbf4e07 100644 --- a/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md +++ b/content/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot.md @@ -33,7 +33,9 @@ For specific ecosystems, you can configure {% data variables.product.prodname_de ## Configuring private registries You configure {% data variables.product.prodname_dependabot %}'s access to private registries in the `dependabot.yml` file. -The top-level `registries` key is optional and specifies authentication details. {% data reusables.dependabot.dependabot-updates-registries %} +The top-level `registries` key is optional and specifies authentication details. + +{% data reusables.dependabot.dependabot-updates-registries %} {% data reusables.dependabot.dependabot-updates-registries-options %} diff --git a/data/reusables/dependabot/dependabot-updates-registries.md b/data/reusables/dependabot/dependabot-updates-registries.md index cc6e4a16dc..132c581d4a 100644 --- a/data/reusables/dependabot/dependabot-updates-registries.md +++ b/data/reusables/dependabot/dependabot-updates-registries.md @@ -1,12 +1,25 @@ -You can allow all of the defined registries to be used by setting `registries` to `"*"`. +There are 2 locations in the `dependabot.yml` file where you can use the `registries` key: + +- At the top level, where you define the registries and their access information, if needed. +- Within the `updates` blocks, where you can use `registries: "*"` to tell {% data variables.product.prodname_dependabot %} to use any or all of the registries you defined at the top level. ```yaml -# Allow {% data variables.product.prodname_dependabot %} to use all the defined registries +# registries: gradle-artifactory - provides access details for the gradle-artifactory registry +# registries: "*" - allows {% data variables.product.prodname_dependabot %} to use all the defined registries specified at the top level {% raw %} version: 2 -registries: "*" +registries: + gradle-artifactory: + type: maven-repository + url: https://acme.jfrog.io/artifactory/my-gradle-registry + username: octocat + password: ${{secrets.MY_ARTIFACTORY_PASSWORD}} +updates: + - package-ecosystem: "gradle" + directory: "/" + registries: "*" + schedule: + interval: "monthly" {% endraw %} ``` - -Alternatively, you can list the registries that the update can use. To do this, use the name of the registry as defined in the top-level `registries` section of the `dependabot.yml` file.