From b0abb0ab9d0403f136c8de19d6a4eb4489fcde01 Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com>
Date: Thu, 16 May 2024 07:48:05 +0100
Subject: [PATCH] Emphasize enablement options for Dependabot auto-triage rules (#50431)

Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
---
 .../about-dependabot-auto-triage-rules.md | 4 ++++
 data/reusables/dependabot/dismiss-low-impact-rule.md | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
index b77801ab91..44eed1326e 100644
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
@@ -38,6 +38,8 @@ There are two types of {% data variables.dependabot.auto_triage_rules %}:
 {% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %}. {% data reusables.dependabot.dismiss-low-impact-rule %}
+The rule is enabled by default for public repositories and can be opted into for private repositories. You can enable the rule for a private repository via the **Settings** tab for the repository. For more information, see "[Enabling the `Dismiss low impact issues for development-scoped dependencies` rule for your private repository](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts#enabling-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule-for-your-private-repository)."
+
 ### About {% data variables.dependabot.custom_rules %}
 {% note %}
@@ -48,6 +50,8 @@ There are two types of {% data variables.dependabot.auto_triage_rules %}:
 With {% data variables.dependabot.custom_rules %}, you can create your own rules to automatically dismiss or reopen alerts based on targeted metadata, such as severity, package name, CWE, and more. You can also specify which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts)."
+You can create custom rules from the **Settings** tab of the repository{% ifversion ghec or ghes %}, provided the repository belongs to an organization that has a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %}. For more information, see "[Adding custom auto-triage rules to your repository](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-repository)."
+
 ### About auto-dismissing alerts
 Whilst you may find it useful to use auto-triage rules to auto-dismiss alerts, you can still reopen auto-dismissed alerts and filter to see which alerts have been auto-dismissed. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/managing-automatically-dismissed-alerts)."
diff --git a/data/reusables/dependabot/dismiss-low-impact-rule.md b/data/reusables/dependabot/dismiss-low-impact-rule.md
index 0d5b682192..7a564ab66b 100644
--- a/data/reusables/dependabot/dismiss-low-impact-rule.md
+++ b/data/reusables/dependabot/dismiss-low-impact-rule.md
@@ -1 +1 @@
-The `Dismiss low impact issues for development-scoped dependencies` is a {% data variables.product.company_short %} preset rule. This rule auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. The rule is enabled by default for public repositories and can be opted into for private repositories. However, you cannot modify {% data variables.dependabot.github_presets %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts)."
+The `Dismiss low impact issues for development-scoped dependencies` is a {% data variables.product.company_short %} preset rule. This rule auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. You cannot modify {% data variables.dependabot.github_presets %}. For more information about {% data variables.dependabot.github_presets %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts)."