diff --git a/data/features/dependabot-alerts-epss-score.yml b/data/features/dependabot-alerts-epss-score.yml new file mode 100644 index 0000000000..0882571da8 --- /dev/null +++ b/data/features/dependabot-alerts-epss-score.yml @@ -0,0 +1,6 @@ +# References: +# Issue #15659 - EPSS Scores for Dependabot Alerts [GA] +versions: + fpt: '*' + ghec: '*' + ghes: '>3.16' diff --git a/data/reusables/dependabot/dependabot-alerts-filters.md b/data/reusables/dependabot/dependabot-alerts-filters.md index d47b18ca1b..6f4808b376 100644 --- a/data/reusables/dependabot/dependabot-alerts-filters.md +++ b/data/reusables/dependabot/dependabot-alerts-filters.md @@ -11,4 +11,10 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %} | `repo` | Displays alerts based on the repository they relate to
Note that this filter is only available for security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview) | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` | | `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development | | `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High | -| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance
Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %} | +| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance
Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %}{% ifversion dependabot-alerts-epss-score %}
Use `sort:epss-percentage` to show alerts ordered by descending EPSS score.{% endif %} | + +{% ifversion dependabot-alerts-epss-score %} + +>[!NOTE] The Exploit Prediction Scoring System, or EPSS, provides a **score** (from 0 to 100%) or probability of the vulnerability to be exploited in the next 30 days, and a **percentile** (nth percentile) or relative measure of threat. This score comes from the Forum of Incident Response and Security Teams (FIRST) and is updated daily. To learn more, see [Exploit Prediction Scoring System](https://www.first.org/epss/) in the FIRST documentation. + +{% endif %}
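Review bot: in data/features/dependabot-alerts-epss-score.yml, `ghes: '>3.16'` excludes 3.16 itself, so the `sort:epss-percentage` row and the EPSS note will only appear for releases after 3.16; please confirm that this matches the release the feature ships in. The header comment cites the issue by number and title only, so a reader of this file cannot tell which repository #15659 belongs to; a repository name or full link would make the reference traceable.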
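Review bot: in the `sort` row of data/reusables/dependabot/dependabot-alerts-filters.md, the filter is named `sort:epss-percentage` but is described as ordering by "descending EPSS score", while the note added below the table defines two distinct values, a score and a percentile. Say explicitly that the sort key is the score (the probability of exploitation in the next 30 days) and not the percentile, so that nobody reads "percentage" as "percentile" when triaging. In the note itself, "or probability of the vulnerability to be exploited" is awkward; "the probability that the vulnerability will be exploited in the next 30 days" reads more clearly. Also, `>[!NOTE]` appears without a space after `>` and on the same line as the note text; if the source line really reads that way, check that it renders as an alert rather than as a plain blockquote.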