[2023-06-29]: Pausing Dependabot on inactive repos for GHEC & GHES - [GA] (#38312)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-12-19 18:10:59 -05:00 · 2023-06-29 16:27:31 +02:00
parent 570fdaf56f
commit 7ec866faee
4 changed files with 13 additions and 6 deletions
--- a/content/code-security/security-overview/assessing-adoption-code-security.md
+++ b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -28,6 +28,10 @@ You can use security overview to see which repositories and teams have already e

 {% data reusables.security-overview.information-varies-GHAS %}

+{% ifversion dependabot-updates-paused-enterprise-orgs %}
+
+In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot %} updates are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
+
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.security-overview %}
 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true"  %} Coverage**.
--- a/data/features/dependabot-updates-paused-enterprise-orgs.yml
+++ b/data/features/dependabot-updates-paused-enterprise-orgs.yml
@@ -0,0 +1,4 @@
+# Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
+versions:
+  ghec: '*'
+  ghes: '>3.9'
--- a/data/features/dependabot-updates-paused.yml
+++ b/data/features/dependabot-updates-paused.yml
@@ -1,6 +1,5 @@
-# Reference: Issue #8300 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
+# Reference: Issue #10199 - Dependabot: automatic, rolling opt-out for inactivity (Version updates, Security updates) - [GA]
 versions:
  fpt: '*'
  ghec: '*'
-  ghes: '>3.8'
-  ghae: '>3.8'
+  ghes: '>3.9'
--- a/data/reusables/dependabot/automatically-pause-dependabot-updates.md
+++ b/data/reusables/dependabot/automatically-pause-dependabot-updates.md
@@ -12,7 +12,7 @@ An active repository is a repository for which a user (not {% data variables.pro

 An inactive repository is a repository that has at least one {% data variables.product.prodname_dependabot %} pull request open for more than 90 days, has been enabled for the full period, and where none of the actions listed above has been taken by a user.

-When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected).
+When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.prodname_dotcom %} adds a notice to the body of all open {% data variables.product.prodname_dependabot %} pull requests, and assigns a `dependabot-paused` label to these pull requests. You'll also see a banner notice in the UI of the **Settings** tab of the repository (under **Code security and analysis**, then **{% data variables.product.prodname_dependabot %}**), as well in the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected).{% ifversion dependabot-updates-paused-enterprise-orgs %} Additionally, you will be able to see whether {% data variables.product.prodname_dependabot %} is paused at the organization-level in the security overview. The `paused` status will also be visible via the API. For more information, see "[AUTOTITLE](/rest/repos#enable-automated-security-fixes)" in the REST API documentation.{% endif %}

 As soon as a maintainer interacts with a {% data variables.product.prodname_dependabot %} pull request again, {% data variables.product.prodname_dependabot %} will unpause itself:
 - Security updates are automatically resumed for {% data variables.product.prodname_dependabot_alerts %}.