From 6621c44fcef0458483416c36590feabc8dfd292a Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com>
Date: Tue, 30 Nov 2021 08:24:50 +0000
Subject: [PATCH] simplified some versioning and used variable (#23172)

versioning simplification and variable fixes
---
.../configuring-notifications.md | 2 +-
.../managing-notifications-from-your-inbox.md | 2 +-
.../permission-levels-for-a-user-account-repository.md | 2 +-
...and-dependabot-alerts-on-your-enterprise-account.md | 4 ++--
.../setting-up-dependabot-updates.md | 2 +-
.../about-alerts-for-vulnerable-dependencies.md | 5 ++---
.../about-dependabot-security-updates.md | 2 +-
...guring-notifications-for-vulnerable-dependencies.md | 4 ++--
.../index.md | 2 +-
...hooting-the-detection-of-vulnerable-dependencies.md | 2 +-
...ating-vulnerable-dependencies-in-your-repository.md | 2 +-
.../reviewing-the-audit-log-for-your-organization.md | 10 +++++-----
data/reusables/repositories/enable-security-alerts.md | 2 +-
.../repositories/security-alerts-x-github-severity.md | 2 +-
14 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
index 22f2617a18..336375911a 100644
--- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
+++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
@@ -206,7 +206,7 @@ If you are a member of more than one organization, you can configure each one to {% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} {% data reusables.notifications.vulnerable-dependency-notification-options %} -For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% ifversion fpt or ghes or ghec %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)." +For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% data variables.product.prodname_dependabot_alerts %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)." {% endif %} {% ifversion fpt or ghes or ghec %} diff --git a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 446b3ae223..0b8710d460 100644 --- a/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md 
@@ -108,7 +108,7 @@ To add a `repo:` filter, you must include the owner of the repository in the que ### Supported `is:` queries -To filter notifications for specific activity on {% data variables.product.product_location %}, you can use the `is` query. For example, to only see repository invitation updates, use `is:repository-invitation`{% ifversion not ghae %}, and to only see {% data variables.product.prodname_dependabot %} alerts, use `is:repository-vulnerability-alert`{% endif %}. +To filter notifications for specific activity on {% data variables.product.product_location %}, you can use the `is` query. For example, to only see repository invitation updates, use `is:repository-invitation`{% ifversion not ghae %}, and to only see {% data variables.product.prodname_dependabot_alerts %}, use `is:repository-vulnerability-alert`{% endif %}. - `is:check-suite` - `is:commit` diff --git a/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md index cc38e874c5..b13d0f4867 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md 
@@ -45,7 +45,7 @@ The repository owner has full control of the repository. In addition to the acti | Delete packages | "[Deleting packages](/packages/learn-github-packages/deleting-a-package)" |{% endif %} | Customize the repository's social media preview | "[Customizing your repository's social media preview](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" | | Create a template from the repository | "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %} -| Control access to {% data variables.product.prodname_dependabot_alerts %} alerts for vulnerable dependencies | "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} +| Control access to {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies | "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %} | Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" | | Manage data use for a private repository | "[Managing data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository)"|{% endif %} | Define code owners for the repository | "[About code 
owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" | diff --git a/content/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account.md b/content/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account.md index 983821794c..7ae65dd0ef 100644 --- a/content/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account.md +++ b/content/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account.md @@ -1,6 +1,6 @@ --- title: Enabling the dependency graph and Dependabot alerts on your enterprise account -intro: 'You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_ghe_cloud %} and enable the dependency graph and {% data variables.product.prodname_dependabot %} alerts in repositories in your instance.' +intro: 'You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_ghe_cloud %} and enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %} in repositories in your instance.' shortTitle: Enable dependency analysis redirect_from: - /enterprise/admin/installation/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server 
@@ -9,7 +9,7 @@ redirect_from: - /admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server -permissions: 'Enterprise owners who are also owners of the connected {% data variables.product.prodname_ghe_cloud %} organization or enterprise account can enable the dependency graph and {% data variables.product.prodname_dependabot %} alerts on {% data variables.product.product_location %}.' +permissions: 'Enterprise owners who are also owners of the connected {% data variables.product.prodname_ghe_cloud %} organization or enterprise account can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on {% data variables.product.product_location %}.' versions: ghes: '*' ghae: issue-4864 diff --git a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates.md b/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates.md index 9e5097278e..5ebd02f920 100644 --- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates.md +++ b/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates.md 
@@ -37,7 +37,7 @@ Both types of {% data variables.product.prodname_dependabot %} update have the f - Configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)." - Set up one or more {% data variables.product.prodname_actions %} self-hosted runners for {% data variables.product.prodname_dependabot %}. For more information, see "[Setting up self-hosted runners for {% data variables.product.prodname_dependabot %} updates](#setting-up-self-hosted-runners-for-dependabot-updates)" below. -Additionally, {% data variables.product.prodname_dependabot_security_updates %} rely on the dependency graph, vulnerability data from {% data variables.product.prodname_github_connect %}, and {% data variables.product.prodname_dependabot_alerts %}. These features must be enabled on {% data variables.product.product_location %}. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot %} alerts on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)." +Additionally, {% data variables.product.prodname_dependabot_security_updates %} rely on the dependency graph, vulnerability data from {% data variables.product.prodname_github_connect %}, and {% data variables.product.prodname_dependabot_alerts %}. These features must be enabled on {% data variables.product.product_location %}. 
For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)." ## Setting up self-hosted runners for {% data variables.product.prodname_dependabot %} updates diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md index 1359ccf52a..4a20954bbf 100644 --- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md +++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md @@ -20,7 +20,6 @@ topics: - Dependencies shortTitle: Dependabot alerts --- - ## About vulnerable dependencies @@ -50,7 +49,7 @@ For a list of the ecosystems that {% data variables.product.product_name %} can {% endnote %} -## {% data variables.product.prodname_dependabot %} alerts for vulnerable dependencies +## {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies {% data reusables.repositories.enable-security-alerts %} 
@@ -75,7 +74,7 @@ For repositories where {% data variables.product.prodname_dependabot_security_up {% endwarning %} -## Access to {% data variables.product.prodname_dependabot %} alerts +## Access to {% data variables.product.prodname_dependabot_alerts %} You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)." diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md index 71502324aa..b283a4b5e0 100644 --- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md +++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md 
@@ -29,7 +29,7 @@ topics: {% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. If you enable this feature, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." -{% data variables.product.prodname_dotcom %} may send {% data variables.product.prodname_dependabot %} alerts to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %} +{% data variables.product.prodname_dotcom %} may send {% data variables.product.prodname_dependabot_alerts %} to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %} {% data variables.product.prodname_dependabot %} checks whether it's possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository. Then {% data variables.product.prodname_dependabot %} raises a pull request to update the dependency to the minimum version that includes the patch and links the pull request to the {% data variables.product.prodname_dependabot %} alert, or reports an error on the alert. 
For more information, see "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)." diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md index 25157de2cb..f0d3791232 100644 --- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md +++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md @@ -1,7 +1,7 @@ --- title: Configuring notifications for vulnerable dependencies shortTitle: Configuring notifications -intro: 'Optimize how you receive notifications about {% data variables.product.prodname_dependabot %} alerts.' +intro: 'Optimize how you receive notifications about {% data variables.product.prodname_dependabot_alerts %}.' redirect_from: - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies 
@@ -50,7 +50,7 @@ You can configure notification settings for yourself or your organization from t {% note %} -**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)." +**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)." {% endnote %} diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md index e1f332ece6..d629122ab7 100644 --- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md +++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md @@ -1,6 +1,6 @@ --- title: Managing vulnerabilities in your project's dependencies -intro: 'You can track your repository''s dependencies and receive {% ifversion fpt or ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} when {% data variables.product.product_name %} detects vulnerable dependencies.' +intro: 'You can track your repository''s dependencies and receive {% data variables.product.prodname_dependabot_alerts %} when {% data variables.product.product_name %} detects vulnerable dependencies.' redirect_from: - /articles/updating-your-project-s-dependencies/ - /articles/updating-your-projects-dependencies/ 
diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md
index b03339863e..2e0ad140d1 100644
--- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md
+++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md
@@ -42,7 +42,7 @@ The results of dependency detection reported by {% data variables.product.produc ## Why don't I get vulnerability alerts for some ecosystems? -{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and {% data variables.product.prodname_dependabot %} alerts are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." +{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)." It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. 
The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %} diff --git a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md index 2d6aa9f46c..c2a6b0c128 100644 --- a/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md +++ b/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md 
@@ -25,7 +25,7 @@ topics: {% data reusables.dependabot.beta-security-and-version-updates %} {% data reusables.dependabot.enterprise-enable-dependabot %} -Your repository's {% data variables.product.prodname_dependabot %} alerts tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can sort the list of alerts by selecting the drop-down menu, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." +Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can sort the list of alerts by selecting the drop-down menu, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)." {% ifversion fpt or ghec or ghes > 3.2 %} You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)." diff --git a/content/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization.md index 78d03453ff..3765400734 100644 
--- a/content/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization.md
@@ -39,8 +39,8 @@ To search for specific events, use the `action` qualifier in your query. Actions | [`billing`](#billing-category-actions) | Contains all activities related to your organization's billing. | [`business`](#business-category-actions) | Contains activities related to business settings for an enterprise. | | [`codespaces`](#codespaces-category-actions) | Contains all activities related to your organization's codespaces. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %} -| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot %} alerts in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." -| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot %} alerts in new repositories created in the organization. +| [`dependabot_alerts`](#dependabot_alerts-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization. | [`dependabot_security_updates`](#dependabot_security_updates-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. 
For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)." | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions) | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} for new repositories created in the organization.{% endif %}{% ifversion fpt or ghec %} | [`dependency_graph`](#dependency_graph-category-actions) | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)." 
@@ -71,7 +71,7 @@ To search for specific events, use the `action` qualifier in your query. Actions | [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt or ghec %}private {% endif %}repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."{% endif %} | [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." {% ifversion fpt or ghes or ghae-issue-4864 or ghec %} | [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).{% endif %}{% ifversion fpt or ghec %} -| [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot %} alerts.{% endif %}{% ifversion ghec %} +| [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.{% endif %}{% ifversion ghec %} | [`role`](#role-category-actions) | Contains all activities related to [custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization).{% endif %} | [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. 
For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." | [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | Contains organization-level configuration activities for secret scanning for new repositories created in the organization. {% ifversion fpt or ghec %} @@ -661,8 +661,8 @@ For more information, see "[Managing the publication of {% data variables.produc | Action | Description |------------------|------------------- -| `create` | Triggered when {% data variables.product.product_name %} creates a {% ifversion fpt or ghes or ghec %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." -| `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% ifversion fpt or ghes or ghec %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alert about a vulnerable dependency. +| `create` | Triggered when {% data variables.product.product_name %} creates a {% data variables.product.prodname_dependabot %} alert for a repository that uses a vulnerable dependency. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." +| `dismiss` | Triggered when an organization owner or person with admin access to the repository dismisses a {% data variables.product.prodname_dependabot %} alert about a vulnerable dependency. | `resolve` | Triggered when someone with write access to a repository pushes changes to update and resolve a vulnerability in a project dependency. {% endif %}{% ifversion fpt or ghec %} 
diff --git a/data/reusables/repositories/enable-security-alerts.md b/data/reusables/repositories/enable-security-alerts.md
index 66d4792347..33169aacce 100644
--- a/data/reusables/repositories/enable-security-alerts.md
+++ b/data/reusables/repositories/enable-security-alerts.md
@@ -1,3 +1,3 @@
 {% ifversion ghes or ghae-issue-4864 %}
-Enterprise owners must enable {% data variables.product.prodname_dependabot %} alerts for vulnerable dependencies for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
+Enterprise owners must enable {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
 {% endif %}
diff --git a/data/reusables/repositories/security-alerts-x-github-severity.md b/data/reusables/repositories/security-alerts-x-github-severity.md
index eaeb2562f9..2741a8f189 100644
--- a/data/reusables/repositories/security-alerts-x-github-severity.md
+++ b/data/reusables/repositories/security-alerts-x-github-severity.md
@@ -1 +1 @@
-Email notifications for {% ifversion fpt or ghes or ghec %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} that affect one or more repositories include the `X-GitHub-Severity` header field. You can use the value of the `X-GitHub-Severity` header field to filter email notifications for {% ifversion fpt or ghes or ghec %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}.
+Email notifications for {% data variables.product.prodname_dependabot_alerts %} that affect one or more repositories include the `X-GitHub-Severity` header field. You can use the value of the `X-GitHub-Severity` header field to filter email notifications for {% data variables.product.prodname_dependabot_alerts %}.