mirror of synced 2025-12-20 18:36:31 -05:00

merge from main

Sarita Iyer
2021-10-12 13:22:49 -04:00
parent 632d4eb6aa
commit fd4ad9f889
141 changed files with 853 additions and 582 deletions


@@ -19,9 +19,9 @@ topics:
The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
{% ifversion fpt or ghes > 2.22 %}
{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
## Available for all repositories
{% endif %}
{% ifversion fpt or ghes > 3.0 or ghae-next %}
### Security policy
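Review bot: The gate on the "Available for all repositories" heading now uses `ghae-issue-4864`, while the "Security policy" subsection directly under it is still gated on `ghae-next`. Two different GHAE flags now control a heading and its first child, so please confirm both resolve as intended for the same GHAE release. If they do not, the heading can render on GHAE without the Security policy entry, or the other way round. A short comment next to the `ifversion` tag saying which issue the flag tracks would help whoever removes it later.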
@@ -39,9 +39,11 @@ View alerts about dependencies that are known to contain security vulnerabilitie
and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
{% endif %}
{% ifversion ghes > 2.22 %}
{% ifversion ghes > 2.22 or ghae-issue-4864 %}
### {% data variables.product.prodname_dependabot_alerts %}
{% data reusables.dependabot.dependabot-alerts-beta %}
View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
{% endif %}
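Review bot: The new `{% data reusables.dependabot.dependabot-alerts-beta %}` line sits inside the block gated by `ghes > 2.22 or ghae-issue-4864`, so the beta notice is pulled in for every GHES version above 2.22 as well as for GHAE. If the beta status applies only to GHAE, check that the reusable is version-gated internally, or wrap it in its own `ifversion` here. Otherwise GHES readers will see a beta note on the Dependabot alerts section.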
@@ -51,6 +53,7 @@ View alerts about dependencies that are known to contain security vulnerabilitie
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
{% endif %}
{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
### Dependency graph
The dependency graph allows you to explore the ecosystems and packages that your repository depends on and the repositories and packages that depend on your repository.
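Review bot: The `{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}` opened before "### Dependency graph" has no matching `{% endif %}` in the visible lines of this hunk, and the hunk header shows only one line added (6 to 7). Please confirm the block is closed further down in the section, so that the content following Dependency graph is not unintentionally hidden on versions outside this condition.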
@@ -75,7 +78,7 @@ Automatically detect security vulnerabilities and coding errors in new or modifi
{% endif %}
{% ifversion fpt or ghes > 3.1 %}
{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 %}
### Dependency review
Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
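Review bot: The Dependency review gate reuses `ghae-issue-4864`, the same flag added to Dependabot alerts and Dependency graph in the earlier hunks, even though on GHES this section has a different threshold (`ghes > 3.1` versus `ghes > 2.22`). One flag means all three sections become visible on GHAE at the same moment. If dependency review can ship to GHAE separately from the other two, it needs its own flag so that the docs do not advertise it early.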