
[2023-06-29]: Pausing Dependabot on inactive repos for GHEC & GHES - [GA] (#38312)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Sophie
2023-06-29 16:27:31 +02:00
committed by GitHub
parent 570fdaf56f
commit 7ec866faee
4 changed files with 13 additions and 6 deletions


@@ -28,6 +28,10 @@ You can use security overview to see which repositories and teams have already e
{% data reusables.security-overview.information-varies-GHAS %} {% data reusables.security-overview.information-varies-GHAS %}
{% ifversion dependabot-updates-paused-enterprise-orgs %}
In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot %} updates are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
{% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %} {% data reusables.organizations.security-overview %}
1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**.
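
Review bot: The paragraph added under `{% ifversion dependabot-updates-paused-enterprise-orgs %}` describes the "Paused" label "in the list of repositories" before the steps that take the reader to that list (navigate to the organization, open security overview, click **Coverage**). Consider moving it below the step that opens the "Security coverage" view, or naming the view in the sentence. Two smaller points in the same lines: the closing `{% endif %}` is attached to the end of the paragraph while the opening tag has its own line, and the sentence ending `)," for security and version updates, respectively.` would read more cleanly as one "For security updates, see ..." sentence and one "For version updates, see ..." sentence.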


@@ -0,0 +1,4 @@
# Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
versions:
ghec: '*'
ghes: '>3.9'
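
Review bot: The `versions:` block in this new file has no `fpt` entry, and its only comment is the "Reference: Issue #10199" line, which the other versions file changed in this commit now carries word for word. Add a comment line saying what this flag gates and why it is limited to `ghec: '*'` and `ghes: '>3.9'`, so the two files can be told apart and a later editor does not treat the missing `fpt` as an oversight.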


@@ -1,6 +1,5 @@
# Reference: Issue #8300 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA] # Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
versions: versions:
fpt: '*' fpt: '*'
ghec: '*' ghec: '*'
ghes: '>3.8' ghes: '>3.9'
ghae: '>3.8'
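
Review bot: Changing `ghes: '>3.8'` to `ghes: '>3.9'` and deleting `ghae: '>3.8'` narrows an existing flag, so content gated on it stops rendering for GHES 3.9 and for GHAE. The commit title only mentions pausing Dependabot on inactive repos for GHEC and GHES, so please confirm the narrowing is intended and state it in the commit message. Replacing "Issue #8300" with "Issue #10199" in the reference line also drops the pointer to the original issue; consider listing both.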


@@ -12,7 +12,7 @@ An active repository is a repository for which a user (not {% data variables.pro
An inactive repository is a repository that has at least one {% data variables.product.prodname_dependabot %} pull request open for more than 90 days, has been enabled for the full period, and where none of the actions listed above has been taken by a user. An inactive repository is a repository that has at least one {% data variables.product.prodname_dependabot %} pull request open for more than 90 days, has been enabled for the full period, and where none of the actions listed above has been taken by a user.
When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected). When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected).{% ifversion dependabot-updates-paused-enterprise-orgs %} Additionally, you will be able to see whether {% data variables.product.prodname_dependabot %} is paused at the organization-level in the security overview. The `paused` status will also be visible via the API. For more information, see "[AUTOTITLE](/rest/repos#enable-automated-security-fixes)" in the REST API documentation.{% endif %}
As soon as a maintainer interacts with a {% data variables.product.prodname_dependabot %} pull request again, {% data variables.product.prodname_dependabot %} will unpause itself: As soon as a maintainer interacts with a {% data variables.product.prodname_dependabot %} pull request again, {% data variables.product.prodname_dependabot %} will unpause itself:
- Security updates are automatically resumed for {% data variables.product.prodname_dependabot_alerts %}. - Security updates are automatically resumed for {% data variables.product.prodname_dependabot_alerts %}.
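
Review bot: In the sentence added inside `{% ifversion dependabot-updates-paused-enterprise-orgs %}`, the link target `/rest/repos#enable-automated-security-fixes` is named for turning the feature on, while the text it supports says the `paused` status is visible via the API; please check that this anchor is the section that documents where `paused` is returned. The wording "is paused at the organization-level in the security overview" is also ambiguous (it can read as Dependabot being paused for the whole organization); something like "in the organization's security overview" avoids that and the stray hyphen. The added sentences use future tense ("will be able to see", "will also be visible") where the rest of the paragraph uses present tense ("adds", "assigns").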