mirror of synced 2025-12-19 09:57:42 -05:00

EPSS Scores for Dependabot Alerts [GA] (#54448)

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
Co-authored-by: Carlin Cherry <61124041+carlincherry@users.noreply.github.com>
mc
2025-02-19 22:45:01 +00:00
committed by GitHub
parent af404550d8
commit ec51e3b5f7
2 changed files with 13 additions and 1 deletions

@@ -0,0 +1,6 @@
# References:
# Issue #15659 - EPSS Scores for Dependabot Alerts [GA]
versions:
fpt: '*'
ghec: '*'
ghes: '>3.16'
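
Review bot: `ghes: '>3.16'` excludes GHES 3.16 itself, so the EPSS content first appears in 3.17. If that is the intended release, writing the range as `'>=3.17'` names the first supported version directly and avoids an off-by-one misreading. The `# References:` comment gives the issue title but not the GHES release the feature ships in, so a short comment confirming the target release would help whoever has to retire this flag later.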

@@ -11,4 +11,10 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %}
| `repo` | Displays alerts based on the repository they relate to</br>Note that this filter is only available for security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview) | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` |
| `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development |
| `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High |
| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance</br>Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %} |
| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance</br>Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %}{% ifversion dependabot-alerts-epss-score %}</br>Use `sort:epss-percentage` to show alerts ordered by descending EPSS score.{% endif %} |
{% ifversion dependabot-alerts-epss-score %}
>[!NOTE] The Exploit Prediction Scoring System, or EPSS, provides a **score** (from 0 to 100%) or probability of the vulnerability to be exploited in the next 30 days, and a **percentile** (nth percentile) or relative measure of threat. This score comes from the Forum of Incident Response and Security Teams (FIRST) and is updated daily. To learn more, see [Exploit Prediction Scoring System](https://www.first.org/epss/) in the FIRST documentation.
{% endif %}
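
Review bot: In the updated `sort` row the qualifier is named `epss-percentage` and is described as ordering by "descending EPSS score", while the note below it defines two different EPSS values, a score and a percentile. State explicitly which of the two the sort uses so readers triaging alerts do not confuse a probability with a relative ranking. In the note, "a **score** (from 0 to 100%) or probability of the vulnerability to be exploited" reads as if score and probability were alternatives; wording such as "a **score** (from 0 to 100%), the probability that the vulnerability will be exploited in the next 30 days" is clearer, and the percentile clause would benefit from the same treatment. Also, `>[!NOTE]` carries the body text on the same line as the marker; if the renderer follows GitHub's alert syntax it expects `> [!NOTE]` on its own line with the text on the following `>` lines, so check that this renders as a note and not as a plain blockquote.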