content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md
+6-6
@@ -1,6 +1,6 @@
1
1
---
2
2
title: About Dependabot auto-triage rules
3
-
intro: '{% data variables.dependabot.auto_triage_rules %} are a powerful tool to help you better manage your security alerts at scale. {% data variables.product.prodname_dependabot %}''s default rules are curated for you and filter out a substantial amount of false positives. {% data variables.dependabot.custom_rules_caps %} provide control over which alerts are ignored, snoozed, or trigger a {% data variables.product.prodname_dependabot %} security update to resolve the alert.'
3
+
intro: '{% data variables.dependabot.auto_triage_rules %} are a powerful tool to help you better manage your security alerts at scale. {% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %} that you can use to filter out a substantial amount of false positives. {% data variables.dependabot.custom_rules_caps %} provide control over which alerts are ignored, snoozed, or trigger a {% data variables.product.prodname_dependabot %} security update to resolve the alert.'
4
4
permissions: 'People with write permissions can view {% data variables.dependabot.auto_triage_rules %} for the repository. People with admin permissions to a repository can enable or disable {% data variables.dependabot.auto_triage_rules_short %} for the repository, as well as create {% data variables.dependabot.custom_rules %}. Additionally, organization owners and security managers can set {% data variables.dependabot.auto_triage_rules_short %} at the organization-level and optionally choose to enforce rules for repositories in the organization.'
5
5
versions:
6
6
feature: dependabot-auto-triage-rules
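Review bot: the rewritten `intro:` references a new Liquid variable, `{% data variables.dependabot.github_presets %}`, but this diff does not show the variable being added to the dependabot variables data file; an unresolved `{% data %}` reference fails the docs build, so confirm the entry exists in the same change. The rewrite also removes the `''s` possessive on `prodname_dependabot`, which is a welcome simplification inside a single-quoted YAML string.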
@@ -25,18 +25,18 @@ redirect_from:
25
25
26
26
There are two types of {% data variables.dependabot.auto_triage_rules %}:
27
27
28
-
- {% data variables.dependabot.default_rules %}
28
+
- {% data variables.dependabot.github_presets %}
29
29
- {% data variables.dependabot.custom_rules_caps %}
30
30
31
-
### About {% data variables.dependabot.default_rules %}
31
+
### About {% data variables.dependabot.github_presets %}
32
32
33
33
{% note %}
34
34
35
-
{% data reusables.dependabot.dependabot-default-auto-triage-rules %}
35
+
{% data reusables.dependabot.dependabot-github-preset-auto-triage-rules %}
36
36
37
37
{% endnote %}
38
38
39
-
{% data reusables.dependabot.dismiss-low-impact-rule %}
39
+
{% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %}. {% data reusables.dependabot.dismiss-low-impact-rule %}
40
40
41
41
### About {% data variables.dependabot.custom_rules %}
42
42
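Review bot: the added body line `{% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %}.` repeats, almost word for word, the definition this hunk's sibling change just put in the file's `intro:`; drop one of the two or reword the body sentence so the page does not define presets twice. Two further things to verify: the reusable switched to `reusables.dependabot.dependabot-github-preset-auto-triage-rules` must exist (the rename of the reusable file is not in this diff), and changing the `### About ...` heading text changes its generated anchor, so any cross-page links to the old heading need updating.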
@@ -60,5 +60,5 @@ Auto-dismissed alerts are defined by the `resolution:auto-dismiss` close reason.
content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md
+9-8
@@ -1,7 +1,7 @@
1
1
---
2
-
title: Using GitHub-curated default rules to prioritize Dependabot alerts
3
-
intro: 'You can use a {% data variables.product.company_short %}-curated default rule to auto-dismiss low impact development alerts for npm dependencies.'
4
-
permissions: 'People with write permissions can view {% data variables.dependabot.auto_triage_rules %} for the repository. People with admin permissions to a repository can enable or disable {% data variables.dependabot.default_rules %} for the repository. Organization owners and security managers can enable or disable {% data variables.dependabot.default_rules %} at the organization-level and optionally choose to enforce rules for repositories in the organization.'
2
+
title: Using GitHub preset rules to prioritize Dependabot alerts
3
+
intro: 'You can use {% data variables.dependabot.github_presets %}, which are rules curated by {% data variables.product.company_short %}, to auto-dismiss low impact development alerts for npm dependencies.'
4
+
permissions: 'People with write permissions can view {% data variables.dependabot.auto_triage_rules %} for the repository. People with admin permissions to a repository can enable or disable {% data variables.dependabot.github_presets %} for the repository. Organization owners and security managers can enable or disable {% data variables.dependabot.github_presets %} at the organization-level and optionally choose to enforce rules for repositories in the organization.'
{% data reusables.dependabot.dependabot-auto-triage-rules-beta %}
20
21
21
-
## About {% data variables.dependabot.default_rules %}
22
+
## About {% data variables.dependabot.github_presets %}
22
23
23
-
The {% data variables.product.company_short %}-curated default rule, `Dismiss low impact issues for development-scoped dependencies`, auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
24
+
The `Dismiss low impact issues for development-scoped dependencies` rule is a {% data variables.product.company_short %} preset that auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
24
25
25
26
- Are unlikely to be exploitable in a developer (non-production or runtime) environment.
26
27
- May relate to resource management, programming and logic, and information disclosure issues.
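Review bot: the title change goes with renaming this file to `using-github-preset-rules-to-prioritize-dependabot-alerts.md`, which changes the page URL; unless the unchanged part of the frontmatter already carries one, add a `redirect_from` entry for the old `using-github-curated-default-rules-to-prioritize-dependabot-alerts` path so existing links keep resolving. The `permissions:` rewrite is consistent with the new variable, but as in the sibling file, confirm `variables.dependabot.github_presets` is defined.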
@@ -33,11 +34,11 @@ The {% data variables.product.company_short %}-curated default rule, `Dismiss lo
33
34
34
35
{% endnote %}
35
36
36
-
The {% data variables.product.company_short %}-curated default rule, `Dismiss low impact issues for development-scoped dependencies`, includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see "[Publicly disclosed CWEs used by the `Dismiss low impact issues for development-scoped dependencies` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule)."
37
+
The `Dismiss low impact issues for development-scoped dependencies` rule includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see "[Publicly disclosed CWEs used by the `Dismiss low impact issues for development-scoped dependencies` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule)."
37
38
38
39
Filtering out these low impact alerts allows you to focus on alerts that matter to you, without having to worry about missing potentially high-risk development-scoped alerts.
39
40
40
-
The {% data variables.product.company_short %}-curated default rule, `Dismiss low impact issues for development-scoped dependencies`, is enabled by default on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling the rule for their repository.
41
+
The `Dismiss low impact issues for development-scoped dependencies` rule is enabled by default on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling the rule for their repository.
41
42
42
43
## Enabling the `Dismiss low impact issues for development-scoped dependencies` rule for your private repository
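Review bot: after this hunk, three consecutive paragraphs in the section each open with "The `Dismiss low impact issues for development-scoped dependencies` rule ...", which reads as repetitive now that the "{% data variables.product.company_short %}-curated default rule," qualifier is gone; the second and third occurrences could simply say "The rule" or "This preset". Also note that renaming the `## About ...` heading changes its anchor, so check for links to the old section id.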
{% data variables.dependabot.github_presets %} for {% data variables.product.prodname_dependabot_alerts %} are rules that are available for all repositories.
The {% data variables.product.company_short %}-curated default rule, `Dismiss low impact issues for development-scoped dependencies`, auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. The rule is enabled by default for public repositories and can be opted into for private repositories. However, you cannot modify {% data variables.dependabot.default_rules %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/using-github-curated-default-rules-to-prioritize-dependabot-alerts)."
1
+
The `Dismiss low impact issues for development-scoped dependencies` is a {% data variables.product.company_short %} preset rule. This rule auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. The rule is enabled by default for public repositories and can be opted into for private repositories. However, you cannot modify {% data variables.dependabot.github_presets %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts)."
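Review bot: the new sentence is missing a noun after the backticked name: "The `Dismiss low impact issues for development-scoped dependencies` is a {% data variables.product.company_short %} preset rule." should read "The `Dismiss low impact issues for development-scoped dependencies` rule is a {% data variables.product.company_short %} preset." The AUTOTITLE link is correctly updated to the renamed page path; make sure the old path redirects, since this reusable is rendered on pages outside this diff.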