Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.

Enabling alerts for vulnerable dependencies on GitHub Enterprise Server

You can connect sua instância do GitHub Enterprise Server to GitHub Enterprise Cloud and enable security alerts for vulnerable dependencies in repositories in your instance.

Site administrators for GitHub Enterprise Server who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable security alerts for vulnerable dependencies on GitHub Enterprise Server.

Neste artigo

Did this doc help you?

About alerts for vulnerable dependencies on GitHub Enterprise Server

We add vulnerabilities to the Banco de Dados Consultivo GitHub from the following sources:

You can connect sua instância do GitHub Enterprise Server to GitHub.com, then sync vulnerability data to your instance and generate security alerts in repositories with a vulnerable dependency.

After connecting sua instância do GitHub Enterprise Server to GitHub.com and enabling security alerts for vulnerable dependencies, vulnerability data is synced from GitHub.com to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from sua instância do GitHub Enterprise Server is uploaded to GitHub.com.

When sua instância do GitHub Enterprise Server receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send security alerts to owners and people with admin access in those repositories. They can customize how they receive security alerts. For more information, see "About alerts for vulnerable dependencies."

Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server

Before enabling security alerts for vulnerable dependencies on sua instância do GitHub Enterprise Server, you must connect sua instância do GitHub Enterprise Server to GitHub.com. For more information, see "Connecting GitHub Enterprise Server to GitHub Enterprise Cloud."

  1. Faça login no sua instância do GitHub Enterprise Server em http(s)://HOSTNAME/login.

  2. In the administrative shell, enable the security alerts for vulnerable dependencies on sua instância do GitHub Enterprise Server:

    $ ghe-dep-graph-enable
  3. Return to GitHub Enterprise Server.

  4. No canto superior direito de qualquer página, clique em .

    Ícone de foguete para acessar as configurações de administrador do site

  5. In the left sidebar, click Enterprise.

    Enterprise tab in the Site admin settings

  6. Na barra lateral da conta corporativa, clique em Settings.

    Aba de configurações na barra lateral de contas corporativas

  7. Na barra lateral esquerda, clique em GitHub Connect.

    Aba GitHub Connect na barra lateral de configurações da conta de negócios

  8. Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select Enabled.

    Drop-down menu to enable scanning repositories for vulnerabilities

Viewing vulnerable dependencies on GitHub Enterprise Server

You can view all vulnerabilities in sua instância do GitHub Enterprise Server and manually sync vulnerability data from GitHub.com to update the list.

  1. No canto superior direito de qualquer página, clique em .
    Ícone de foguete para acessar as configurações de administrador do site
  2. In the left sidebar, click Vulnerabilities.
    Vulnerabilities tab in the site admin sidebar
  3. To sync vulnerability data, click Sync Vulnerabilities now.
    Sync vulnerabilities now button

Did this doc help you?