This version of GitHub Enterprise will be discontinued on 2022-02-16. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Enabling the dependency graph and Dependabot alerts on your enterprise account

You can connect your GitHub Enterprise Server instance to GitHub Enterprise Cloud and enable the dependency graph and Dependabot alerts in repositories in your instance.

Enterprise owners who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable the dependency graph and Dependabot alerts on your GitHub Enterprise Server instance.

About alerts for vulnerable dependencies on your GitHub Enterprise Server instance

GitHub identifies vulnerable dependencies in repositories and creates Dependabot alerts on your GitHub Enterprise Server instance, using:

  • Data from the GitHub Advisory Database
  • The dependency graph service

For more information about these features, see "About the dependency graph" and "About alerts for vulnerable dependencies."

About synchronization of data from the GitHub Advisory Database

We add vulnerabilities to the GitHub Advisory Database from the following sources:

You can connect your GitHub Enterprise Server instance to GitHub.com with GitHub Connect. Once connected, vulnerability data is synced from the GitHub Advisory Database to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from your GitHub Enterprise Server instance is uploaded to GitHub.com.

About generation of Dependabot alerts

If you enable vulnerability detection, when your GitHub Enterprise Server instance receives information about a vulnerability, it identifies repositories in your instance that use the affected version of the dependency and generates Dependabot alerts. You can choose whether or not to notify users automatically about new Dependabot alerts.

Enabling the dependency graph and Dependabot alerts for vulnerable dependencies on your GitHub Enterprise Server instance

Prerequisites

For your GitHub Enterprise Server instance to detect vulnerable dependencies and generate Dependabot alerts:

Enabling the dependency graph

  1. Sign in to your GitHub Enterprise Server instance at http(s)://HOSTNAME/login.

  2. In the administrative shell, enable the dependency graph on your GitHub Enterprise Server instance:

    $ ghe-config app.github.dependency-graph-enabled true

    Note: For more information about enabling access to the administrative shell via SSH, see "Accessing the administrative shell (SSH)."

  3. Apply the configuration.

    $ ghe-config-apply
  4. Return to GitHub Enterprise Server.
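
An idempotent form of steps 2 and 3, as an added example that is not part of the original documentation: it reads the current value first and runs `ghe-config-apply` only when the setting actually changes. The function name `enable_dependency_graph` is hypothetical; the configuration key and both commands are the ones shown above.

```shell
#!/bin/sh
# Added example: idempotent wrapper around the two commands in the steps above.
# Intended to be run in the administrative shell of the instance.

KEY="app.github.dependency-graph-enabled"   # key taken from the steps above

# enable_dependency_graph (hypothetical helper name)
# Returns 0 if the setting is already "true" or was set and applied,
# non-zero if the change could not be confirmed or applied.
enable_dependency_graph() {
    # With only a key, ghe-config prints the current value (empty if unset).
    current=$(ghe-config "$KEY" 2>/dev/null || true)

    if [ "$current" = "true" ]; then
        echo "dependency graph already enabled; skipping ghe-config-apply"
        return 0
    fi

    echo "current value: '${current:-unset}', setting to true"
    ghe-config "$KEY" true || return 1

    # Read the value back before applying, so a failed write is never applied.
    if [ "$(ghe-config "$KEY" 2>/dev/null || true)" != "true" ]; then
        echo "setting did not persist; not applying" >&2
        return 1
    fi

    ghe-config-apply
}

# Run only where the appliance utilities exist.
if command -v ghe-config >/dev/null 2>&1 &&
   command -v ghe-config-apply >/dev/null 2>&1; then
    enable_dependency_graph
fi
```
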

Enabling Dependabot alerts

Before enabling Dependabot alerts for your instance, you need to enable the dependency graph. For more information, see above.

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.

  2. In the enterprise account sidebar, click Settings.

  3. In the left sidebar, click GitHub Connect.

  4. Under "Repositories can be scanned for vulnerabilities", select the drop-down menu and click Enabled without notifications. Optionally, to enable alerts with notifications, click Enabled with notifications.

    Tip: We recommend configuring Dependabot alerts without notifications for the first few days to avoid an overload of emails. After a few days, you can enable notifications to receive Dependabot alerts as usual.

Viewing vulnerable dependencies on your GitHub Enterprise Server instance

You can view all vulnerabilities in your GitHub Enterprise Server instance and manually sync vulnerability data from GitHub.com to update the list.

  1. From an administrative account on GitHub Enterprise Server, click the rocket icon in the upper-right corner of any page.
  2. In the left sidebar, click Vulnerabilities.
  3. To sync vulnerability data, click Sync Vulnerabilities now.
