
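This version of GitHub Enterprise was discontinued on 2020-11-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.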

Enabling alerts for vulnerable dependencies on GitHub Enterprise Server

You can connect your GitHub Enterprise Server instance to GitHub Enterprise Cloud and enable security alerts for vulnerable dependencies in repositories in your instance.

Site administrators for GitHub Enterprise Server who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable security alerts for vulnerable dependencies on GitHub Enterprise Server.


About alerts for vulnerable dependencies on GitHub Enterprise Server

We add vulnerabilities to the GitHub Advisory Database from the following sources:

You can connect your GitHub Enterprise Server instance to GitHub.com, then sync vulnerability data to your instance and generate security alerts in repositories with a vulnerable dependency.

After you connect your GitHub Enterprise Server instance to GitHub.com and enable security alerts for vulnerable dependencies, vulnerability data is synced from GitHub.com to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from your GitHub Enterprise Server instance is uploaded to GitHub.com.

When your GitHub Enterprise Server instance receives information about a vulnerability, it identifies repositories in your instance that use the affected version of the dependency and sends security alerts to owners and people with admin access in those repositories. They can customize how they receive security alerts. For more information, see "About alerts for vulnerable dependencies."
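The following Python sketch is an added illustration of the matching step described above, not GitHub Enterprise Server code. The data shapes, the comma-separated range syntax, the `EXAMPLE-` advisory IDs, and the package, repository and user names are all constructed assumptions; the point it shows is that matching needs only the synced advisory data and the instance's own dependency lists.

```python
# Simplified model of local advisory matching; all names and data are constructed assumptions.
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "=": operator.eq}

def parse_version(text):
    """Turn '1.3' into (1, 3, 0, 0) so '1.3' and '1.3.0' compare equal (numeric versions only)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def in_range(version, vulnerable_range):
    """True if version satisfies every comparator, e.g. '>= 2.0.0, < 2.4.1'."""
    v = parse_version(version)
    for clause in vulnerable_range.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|=)\s*([\d.]+)\s*", clause)
        if m is None:
            raise ValueError(f"unsupported range clause: {clause!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def alerts_for(advisories, repositories):
    """Return (repo, package, version, advisory id, recipients) for each affected dependency."""
    alerts = []
    for repo in repositories:
        for (ecosystem, name), version in repo["dependencies"].items():
            for adv in advisories:
                same_pkg = (adv["ecosystem"], adv["package"]) == (ecosystem, name)
                if same_pkg and in_range(version, adv["vulnerable_range"]):
                    # Alerts go to owners and people with admin access, deduplicated.
                    recipients = sorted(set(repo["owners"]) | set(repo["admins"]))
                    alerts.append((repo["name"], name, version, adv["id"], recipients))
    return alerts

# Constructed sample data standing in for synced advisories and instance repositories.
SYNCED_ADVISORIES = [
    {"id": "EXAMPLE-0001", "ecosystem": "npm", "package": "example-lib", "vulnerable_range": ">= 2.0.0, < 2.4.1"},
    {"id": "EXAMPLE-0002", "ecosystem": "pip", "package": "example-parser", "vulnerable_range": "<= 1.3"},
]
REPOSITORIES = [
    {"name": "web/frontend", "owners": ["alice"], "admins": ["bob", "alice"],
     "dependencies": {("npm", "example-lib"): "2.3.9"}},
    {"name": "ops/tools", "owners": ["carol"], "admins": [],
     "dependencies": {("pip", "example-parser"): "1.3.0", ("npm", "example-lib"): "2.4.1"}},
    {"name": "docs/site", "owners": ["dave"], "admins": ["erin"],
     "dependencies": {("npm", "example-lib"): "1.9.0"}},
]

if __name__ == "__main__":
    print(*alerts_for(SYNCED_ADVISORIES, REPOSITORIES), sep="\n")
```

Only `web/frontend` and `ops/tools` produce alerts here: version 2.4.1 sits exactly on the excluded upper bound and 1.9.0 is below the lower bound.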

Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server

Before enabling security alerts for vulnerable dependencies on your GitHub Enterprise Server instance, you must connect your GitHub Enterprise Server instance to GitHub.com. For more information, see "Connecting GitHub Enterprise Server to GitHub Enterprise Cloud."

  1. Sign in to your GitHub Enterprise Server instance at http(s)://HOSTNAME/login.

  2. In the administrative shell, enable security alerts for vulnerable dependencies on your GitHub Enterprise Server instance:

    $ ghe-dep-graph-enable

  3. Return to GitHub Enterprise Server.

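  4. In the upper-right corner of any page, click the rocket icon.

    Rocket icon for accessing site admin settings

  5. In the left sidebar, click Enterprise.

    Enterprise tab in the site admin settings

  6. In the enterprise account sidebar, click Settings.

    Settings tab in the enterprise account sidebar

  7. In the left sidebar, click GitHub Connect.

    GitHub Connect tab in the enterprise account settings sidebar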

  8. Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select Enabled.

    Drop-down menu to enable scanning repositories for vulnerabilities

Viewing vulnerable dependencies on GitHub Enterprise Server

You can view all vulnerabilities in your GitHub Enterprise Server instance and manually sync vulnerability data from GitHub.com to update the list.

  1. In the upper-right corner of any page, click the rocket icon.
    Rocket icon for accessing site admin settings
  2. In the left sidebar, click Vulnerabilities.
    Vulnerabilities tab in the site admin sidebar
  3. To sync vulnerability data, click Sync Vulnerabilities now.
    Sync vulnerabilities now button
