This version of GitHub Enterprise was discontinued on 2021-09-23. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Enabling alerts for vulnerable dependencies on GitHub Enterprise Server

You can connect your GitHub Enterprise Server instance to GitHub Enterprise Cloud and enable the dependency graph and GitHub Dependabot alerts in repositories in your instance.

Site administrators for GitHub Enterprise Server who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable the dependency graph and GitHub Dependabot alerts on GitHub Enterprise Server.

About alerts for vulnerable dependencies on GitHub Enterprise Server

To identify vulnerable dependencies in your repository and receive alerts about vulnerabilities, you need to enable two security features:

  • The dependency graph
  • GitHub Dependabot alerts

For more information, see "About the dependency graph" and "About alerts for vulnerable dependencies."

We add vulnerabilities to the GitHub Advisory Database from the following sources:

You can connect your GitHub Enterprise Server instance to GitHub.com, then sync vulnerability data to your instance and generate GitHub Dependabot alerts in repositories with a vulnerable dependency.

After connecting your GitHub Enterprise Server instance to GitHub.com and enabling the dependency graph and GitHub Dependabot alerts for vulnerable dependencies, vulnerability data is synced from GitHub.com to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from your GitHub Enterprise Server instance is uploaded to GitHub.com.

When your GitHub Enterprise Server instance receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate GitHub Dependabot alerts. You can customize how you receive GitHub Dependabot alerts. For more information, see "Configuring notifications for vulnerable dependencies."

Enabling the dependency graph and GitHub Dependabot alerts on GitHub Enterprise Server

For your GitHub Enterprise Server instance to generate GitHub Dependabot alerts whenever vulnerabilities are detected on your repositories:

Enabling the dependency graph

  1. Sign in to your GitHub Enterprise Server instance at http(s)://HOSTNAME/login.

  2. In the administrative shell, enable the dependency graph on your GitHub Enterprise Server instance:

    $ ghe-config app.github.dependency-graph-enabled true

    Note: For more information about enabling access to the administrative shell via SSH, see "Accessing the administrative shell (SSH)."

  3. Apply the configuration.

    $ ghe-config-apply

  4. Return to GitHub Enterprise Server.
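
Steps 2 and 3 can be wrapped in one function that skips the configuration run when the dependency graph is already enabled and confirms the value afterwards. This is an added example, not part of GitHub's documentation or tooling. It assumes that `ghe-config KEY` with no value prints the current setting; `GHE_CONFIG` and `GHE_CONFIG_APPLY` are hypothetical override variables introduced here so the function can be dry-run outside the appliance.

```shell
#!/bin/sh
# Added example: idempotently enable the dependency graph from the
# administrative shell of a GitHub Enterprise Server instance.
# Assumption: `ghe-config KEY` (no value) prints the current setting.
# GHE_CONFIG / GHE_CONFIG_APPLY are hypothetical overrides for dry runs.

KEY="app.github.dependency-graph-enabled"

enable_dependency_graph() {
    cfg="${GHE_CONFIG:-ghe-config}"
    apply="${GHE_CONFIG_APPLY:-ghe-config-apply}"

    # Read the current value; an unset key is treated as "not enabled".
    current="$("$cfg" "$KEY" 2>/dev/null || true)"
    if [ "$current" = "true" ]; then
        echo "unchanged"            # nothing to set, no apply needed
        return 0
    fi

    # Step 2 of the procedure: set the key.
    "$cfg" "$KEY" true || { echo "set-failed"; return 1; }

    # Step 3 of the procedure: apply the configuration.
    "$apply" || { echo "apply-failed"; return 1; }

    # Read the key back so a silent failure is not mistaken for success.
    if [ "$("$cfg" "$KEY" 2>/dev/null)" = "true" ]; then
        echo "enabled"
    else
        echo "verify-failed"
        return 1
    fi
}

# Usage on the instance: enable_dependency_graph
```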

Enabling GitHub Dependabot alerts

Before enabling GitHub Dependabot alerts for your instance, you need to enable the dependency graph. For more information, see "Enabling the dependency graph" above.

  1. Go to your enterprise account at https://github.com/enterprises/ENTERPRISE-NAME, replacing ENTERPRISE-NAME with the name of your enterprise account.

  2. In the enterprise account sidebar, click Settings.

  3. In the left sidebar, click GitHub Connect.

  4. Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select Enabled without notifications. Optionally, to enable alerts with notifications, select Enabled with notifications.

    We recommend configuring GitHub Dependabot alerts without notifications for the first few days to avoid an overload of emails. After a few days, you can enable notifications to receive GitHub Dependabot alerts as usual.

Viewing vulnerable dependencies on GitHub Enterprise Server

You can view all vulnerabilities in your GitHub Enterprise Server instance and manually sync vulnerability data from GitHub.com to update the list.

  1. In the upper-right corner of any page, click the rocket icon to access the site admin settings.
  2. In the left sidebar, click Vulnerabilities.
  3. To sync vulnerability data, click Sync Vulnerabilities now.