Dependabot private repo support (#16458)

* Update topics for Dependabot private repo support * Fix typo * Undo VS Code's auto-numbering * Fix broken anchor * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Updated to put supported package managers in table Alex suggested moving this information about which package managers are not supported (bundler, hex, pip) into the table on the About topic, rather than as text in the note box. This changes does that, adding a new row to the table for hex (as discussed with Alex). * Remove redundant image Review comment asked for the line about filtering repos to be removed. With that line gone there's no point showing the s/shot of a filtered list. * Updates for revised UI As per comments from @thepwagner * Make changes requested by Maya Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2025-12-22 03:16:52 -05:00 · 2020-12-02 18:49:49 +00:00
parent d2ef480e57
commit c4914d70df
10 changed files with 64 additions and 42 deletions
--- a/content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md
+++ b/content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md
@@ -12,7 +12,7 @@ versions:
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. {% data variables.product.product_name %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% else %}When {% data variables.product.product_name %} detects vulnerable dependencies in your repositories, it sends security alerts.{% endif %}{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories. For {% data variables.product.prodname_dependabot_alerts %}, by default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email, grouped by the specific vulnerability.
 {% endif %} 

-{% if currentVersion == "free-pro-team@latest" %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-features-for-new-repositories)."
+{% if currentVersion == "free-pro-team@latest" %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added)."
 {% endif %}

 {% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.21" %}
--- a/content/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors.md
+++ b/content/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors.md
@@ -76,6 +76,12 @@ There are separate limits for security and version update pull requests, so that

 The best way to resolve this error is to merge or close some of the existing pull requests and trigger a new pull request manually. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)."

+#### {% data variables.product.prodname_dependabot %} can't resolve your dependency files
+
+**Version updates only.** If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, you will see the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files".
+
+{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
+
 ### Triggering a {% data variables.product.prodname_dependabot %} pull request manually

 If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request.