From 7ec866faee058130c7f87430f70e22bac5aee8c8 Mon Sep 17 00:00:00 2001
From: Sophie <29382425+sophietheking@users.noreply.github.com>
Date: Thu, 29 Jun 2023 16:27:31 +0200
Subject: [PATCH] [2023-06-29]: Pausing Dependabot on inactive repos for GHEC & GHES - [GA] (#38312)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
 .../security-overview/assessing-adoption-code-security.md | 8 ++++++--
 .../dependabot-updates-paused-enterprise-orgs.yml | 4 ++++
 data/features/dependabot-updates-paused.yml | 5 ++---
 .../dependabot/automatically-pause-dependabot-updates.md | 2 +-
 4 files changed, 13 insertions(+), 6 deletions(-)
 create mode 100644 data/features/dependabot-updates-paused-enterprise-orgs.yml
diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md
index 07d68e7b90..d99e065269 100644
--- a/content/code-security/security-overview/assessing-adoption-code-security.md
+++ b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -6,7 +6,7 @@ intro: 'You can use security overview to see which teams and repositories have a
 permissions: '{% data reusables.security-overview.permissions %}'
 product: '{% data reusables.gated-features.security-overview %}'
 type: how_to
-topics: 
+topics:
 - Security overview
 - Advanced Security
 - 'Set up'
@@ -28,13 +28,17 @@ You can use security overview to see which repositories and teams have already e {% data reusables.security-overview.information-varies-GHAS %} +{% ifversion dependabot-updates-paused-enterprise-orgs %} + +In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot %} updates are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %} + {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png) - + 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)." {% ifversion code-security-multi-repo-enablement %} 1. 
Optionally, select some or all of the repositories that match your current search and click **Security settings** in the table header to display a side panel where you can enable security features for the selected repositories. When you've finished, click **Apply changes** to confirm the changes. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
diff --git a/data/features/dependabot-updates-paused-enterprise-orgs.yml b/data/features/dependabot-updates-paused-enterprise-orgs.yml
new file mode 100644
index 0000000000..2b9d668a63
--- /dev/null
+++ b/data/features/dependabot-updates-paused-enterprise-orgs.yml
@@ -0,0 +1,4 @@
+# Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
+versions:
+ ghec: '*'
+ ghes: '>3.9'
diff --git a/data/features/dependabot-updates-paused.yml b/data/features/dependabot-updates-paused.yml
index a253f98973..4d82773e79
--- a/data/features/dependabot-updates-paused.yml
+++ b/data/features/dependabot-updates-paused.yml
@@ -1,6 +1,5 @@
-# Reference: Issue #8300 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
+# Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
 versions:
 fpt: '*'
 ghec: '*'
- ghes: '>3.8'
- ghae: '>3.8'
+ ghes: '>3.9'
diff --git a/data/reusables/dependabot/automatically-pause-dependabot-updates.md b/data/reusables/dependabot/automatically-pause-dependabot-updates.md
index c4e3d0c2ca..4edd2e3e19
--- a/data/reusables/dependabot/automatically-pause-dependabot-updates.md
+++ b/data/reusables/dependabot/automatically-pause-dependabot-updates.md
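Review bot: The new "Paused" paragraph in assessing-adoption-code-security.md is inserted before `{% data reusables.organizations.navigate-to-org %}` and the step that opens the "Security coverage" view, so "In the list of repositories" points the reader at a table they have not navigated to yet. Moving the paragraph after the **Security settings** step, or opening it with `Once the "Security coverage" view is displayed, the "Paused" label under ...`, would keep the explanation next to the UI it describes. The `{% ifversion dependabot-updates-paused-enterprise-orgs %}` tag sits on its own line while `{% endif %}` is glued to the end of the paragraph; putting `{% endif %}` on its own line would match how `{% ifversion code-security-multi-repo-enablement %}` is laid out further down in the same hunk (its closing tag is not visible here, so this is an assumption about the file's convention).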
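Review bot: The edit to data/features/dependabot-updates-paused.yml narrows the existing feature flag rather than only adding the new one: `ghae: '>3.8'` is deleted and `ghes: '>3.8'` becomes `ghes: '>3.9'`, so every page already gated on `dependabot-updates-paused` stops rendering for GHAE and for GHES 3.9. The commit subject and the new dependabot-updates-paused-enterprise-orgs.yml only describe GHEC and GHES visibility at the organization level, so it is unclear whether pulling the repository-level pausing docs from GHES 3.9 and GHAE is intended or a side effect of copying the new flag's versions. If the existing behaviour should be kept, the old block `ghes: '>3.8'` / `ghae: '>3.8'` stays and only the new flag carries `ghes: '>3.9'`; if the narrowing is deliberate, a one-line reason in the yml comment (for example `# GHES 3.9 / GHAE: pausing not shipped; see Issue #10199`) would save the next reader the same question.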
@@ -12,7 +12,7 @@ An active repository is a repository for which a user (not {% data variables.pro An inactive repository is a repository that has at least one {% data variables.product.prodname_dependabot %} pull request open for more than 90 days, has been enabled for the full period, and where none of the actions listed above has been taken by a user. -When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected). +When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected).{% ifversion dependabot-updates-paused-enterprise-orgs %} Additionally, you will be able to see whether {% data variables.product.prodname_dependabot %} is paused at the organization-level in the security overview. The `paused` status will also be visible via the API. 
For more information, see "[AUTOTITLE](/rest/repos#enable-automated-security-fixes)" in the REST API documentation.{% endif %} As soon as a maintainer interacts with a {% data variables.product.prodname_dependabot %} pull request again, {% data variables.product.prodname_dependabot %} will unpause itself: - Security updates are automatically resumed for {% data variables.product.prodname_dependabot_alerts %}.