diff --git a/next.config.js b/next.config.js
index 2753771591b4..c2a44f89d8a0 100644
--- a/next.config.js
+++ b/next.config.js
@@ -19,7 +19,7 @@ module.exports = {
   },
   i18n: {
     // locales: Object.values(languages).map(({ code }) => code),
-    locales: ['en', 'cn', 'ja', 'es', 'pt', 'de'],
+    locales: ['en', 'cn', 'ja', 'es', 'pt'],
     defaultLocale: 'en',
   },
   sassOptions: {
diff --git a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
index 286b7b089f5f..066ef4eb9706 100644
--- a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
+++ b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md
@@ -134,7 +134,7 @@ Email notifications from {% data variables.product.product_location %} contain t
 | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} |
 | `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are: <ul><li>`assign`: You were assigned to an issue or pull request.</li><li>`author`: You created an issue or pull request.</li><li>`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.</li><li>`comment`: You commented on an issue or pull request.</li><li>`manual`: There was an update to an issue or pull request you manually subscribed to.</li><li>`mention`: You were mentioned on an issue or pull request.</li><li>`push`: Someone committed to a pull request you're subscribed to.</li><li>`review_requested`: You or a team you're a member of was requested to review a pull request.</li>{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}<li>`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.</li>{% endif %}<li>`state_change`: An issue or pull request you're subscribed to was either closed or opened.</li><li>`subscribed`: There was an update in a repository you're watching.</li><li>`team_mention`: A team you belong to was mentioned on an issue or pull request.</li><li>`your_activity`: You opened, commented on, or closed an issue or pull request.</li></ul> |
 | `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `<repository name>.<repository owner>.{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
-| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:<ul><li>`low`</li><li>`moderate`</li><li>`high`</li><li>`critical`</li></ul>For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %}
+| `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:<ul><li>`low`</li><li>`moderate`</li><li>`high`</li><li>`critical`</li></ul>For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %}
 
 ## Choosing your notification settings
 
diff --git a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
index 0b8710d4601e..321b39c1caed 100644
--- a/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
+++ b/translations/es-ES/content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md
@@ -173,7 +173,7 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende
 - `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests.
 - `author:app/dependabot` to show notifications generated by {% data variables.product.prodname_dependabot %}. This includes {% data variables.product.prodname_dependabot_alerts %}, security update pull requests, and version update pull requests.
 
-For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)."
+For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 {% endif %}
 
 {% ifversion ghes < 3.3 or ghae-issue-4864 %}
@@ -182,7 +182,7 @@ If you use {% data variables.product.prodname_dependabot %} to tell you about vu
 - `is:repository_vulnerability_alert` 
 - `reason:security_alert`
 
-For more information about {% data variables.product.prodname_dependabot %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
+For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 {% endif %}
 
 {% endif %}
diff --git a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md
index ec1dab67f4d2..eda7a7fcbacf 100644
--- a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md
+++ b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account.md
@@ -49,5 +49,5 @@ For an overview of repository-level security, see "[Securing your repository](/c
 ## Further reading
 
 - "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
-- "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"
+- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
 - "[Keeping your dependencies updated automatically](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)"
diff --git a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md
index fadc98773a40..e9b90a2b1092 100644
--- a/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md
+++ b/translations/es-ES/content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/permission-levels-for-a-user-account-repository.md
@@ -45,7 +45,7 @@ The repository owner has full control of the repository. In addition to the acti
 | Customize the repository's social media preview | "[Customizing your repository's social media preview](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" |
 | Create a template from the repository | "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
 | Control access to {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies | "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% endif %}{% ifversion fpt or ghec %}
-| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" |
+| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)" |
 | Manage data use for a private repository | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"|{% endif %}
 | Define code owners for the repository | "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" |
 | Archive the repository | "[Archiving repositories](/repositories/archiving-a-github-repository/archiving-repositories)" |{% ifversion fpt or ghec %}
diff --git a/translations/es-ES/content/actions/security-guides/encrypted-secrets.md b/translations/es-ES/content/actions/security-guides/encrypted-secrets.md
index 8edb2efe7dd5..745131560f08 100644
--- a/translations/es-ES/content/actions/security-guides/encrypted-secrets.md
+++ b/translations/es-ES/content/actions/security-guides/encrypted-secrets.md
@@ -226,6 +226,10 @@ steps:
 ```
 {% endraw %}
 
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs.<job_id>.steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif).
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
 Evita pasar secretos entre procesos desde la línea de comando, siempre que sea posible. Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). Para ayudar a proteger los secretos, considera usar variables de entorno, `STDIN` u otros mecanismos admitidos por el proceso de destino.
 
 Si debes pasar secretos dentro de una línea de comando, enciérralos usando las normas de uso de comillas adecuadas. Los secretos suelen contener caracteres especiales que pueden afectar involuntariamente a tu shell. Para evitar estos caracteres especiales, usa comillas en tus variables de entorno. Por ejemplo:
diff --git a/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md
index 9f67d03ed70b..40e81f395f75 100644
--- a/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md
+++ b/translations/es-ES/content/actions/using-workflows/workflow-syntax-for-github-actions.md
@@ -342,6 +342,31 @@ steps:
     uses: actions/heroku@1.0.0
 ```
 
+#### Example: Using secrets
+
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job.
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
+{% raw %}
+```yaml
+name: Run a step if a secret has been set
+on: push
+jobs:
+  my-jobname:
+    runs-on: ubuntu-latest
+    env:
+      super_secret: ${{ secrets.SuperSecret }}
+    steps:
+      - if: ${{ env.super_secret != '' }}
+        run: echo 'This step will only run if the secret has a value set.'
+      - if: ${{ env.super_secret == '' }}
+        run: echo 'This step will only run if the secret does not have a value set.'
+```
+{% endraw %}
+
+For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
 ### `jobs.<job_id>.steps[*].name`
 
 A name for your step to display on {% data variables.product.prodname_dotcom %}.
diff --git a/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md b/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md
index b6cc0de3c55e..2e1783d27649 100644
--- a/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md
+++ b/translations/es-ES/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise.md
@@ -271,7 +271,7 @@ GitHub te permite evitar utilizar software de terceros que contenga vulnerabilid
 
 | Herramienta de administración de dependencias  | Descripción                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Alertas del dependabot                         | Puedes rastrear las dependencias de tu repositorio y recibir las alertas del dependabot cuando tu empresa detecte dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)".                                                                                                                                                                                                       |
+| Alertas del dependabot                         | Puedes rastrear las dependencias de tu repositorio y recibir las alertas del dependabot cuando tu empresa detecte dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)".                                                                                                                                                                                            |
 | Gráfica de dependencias                        | La gráfica de dependencias es un resumen de los archivos de bloqueo y de manifiesto que se almacenan en un repositorio. Te muestra los ecosistemas y paquetes de los cuales depende tu base de código (sus dependencias) y los repositorios y paquetes que dependen de tu proyecto (sus dependencias). Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)". |{% ifversion ghes > 3.1 or ghec %}
 | Revisión de dependencias                       | Si una solicitud de cambios contiene cambios a las dependencias, puedes ver un resumen de lo que ha cambiado y si es que existen vulnerabilidades conocidas en cualquiera de estas dependencias. Para obtener más información, consulta la sección "[Acerca de la revisión de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" o "[Revisar los cambios de dependencias en una solicitud de cambios](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)". |{% endif %} {% ifversion ghec or ghes > 3.2 %}
 | Actualziaciones de seguridad del dependabot    | El dependabot puede corregir las dependencias vulnerables levantando solicitudes de cambios con actualizaciones de seguridad. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de seguridad del dependabot](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)".                                                                                                                                                                                                                          |
diff --git a/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
index 61f7c695f94a..cb46734bfe12 100644
--- a/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
+++ b/translations/es-ES/content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
@@ -49,7 +49,7 @@ También puedes elegir sincronizar manualmente los datos de vulnerabilidad en cu
 
 When {% data variables.product.product_location %} receives information about a vulnerability, it identifies repositories in  {% data variables.product.product_location %} that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. Puedes elegir si quieres notificar a los usuarios automáticamente acerca de las {% data variables.product.prodname_dependabot_alerts %} nuevas o no.
 
-Para los repositorios que cuenten con las {% data variables.product.prodname_dependabot_alerts %} habilitadas, el escaneo se activa en cualquier subida a la rama predeterminada. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
+Para los repositorios que cuenten con las {% data variables.product.prodname_dependabot_alerts %} habilitadas, el escaneo se activa en cualquier subida a la rama predeterminada. Additionally, when a new vulnerability record is added to {% data variables.product.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.product.product_location %} and generates alerts for any repository that is vulnerable. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
 
 {% ifversion ghes > 3.2 %}
 ### Acerca de {% data variables.product.prodname_dependabot_updates %}
@@ -67,7 +67,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %}, you ca
 With {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} automatically creates pull requests to update dependencies in two ways.
 
 - **{% data variables.product.prodname_dependabot_version_updates %}**: Los usuarios agregan un archivo de configuración del {% data variables.product.prodname_dependabot %} al repositorio para habilitar el {% data variables.product.prodname_dependabot %} para que cree solicitudes de cambios cuando se lance una versión nueva de una dependencia rastreada. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)".
-- **{% data variables.product.prodname_dependabot_security_updates %}**: Los usuarios pueden alternar un ajuste de repositorio para habilitar que el {% data variables.product.prodname_dependabot %} cree solicitudes de cambios cuando {% data variables.product.prodname_dotcom %} detecta una vulnerabilidad en una de las dependencias de la gráfica de dependencias del repositorio. Para obtener más información, consulta las secciones "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)".
+- **{% data variables.product.prodname_dependabot_security_updates %}**: Los usuarios pueden alternar un ajuste de repositorio para habilitar que el {% data variables.product.prodname_dependabot %} cree solicitudes de cambios cuando {% data variables.product.prodname_dotcom %} detecta una vulnerabilidad en una de las dependencias de la gráfica de dependencias del repositorio. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)."
 {% endif %}
 
 ## Habilitar {% data variables.product.prodname_dependabot_alerts %}
diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md
index 3d628cfa43ae..60fc384867e9 100644
--- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md
+++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md
@@ -27,7 +27,15 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co
 
 Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity{% ifversion fpt or ghes > 3.1 or ghae or ghec %}, security severity,{% endif %} and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.
 
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
+{% data reusables.code-scanning.alert-default-branch %}
+{% endif %}
+
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
 ![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/help/repository/code-scanning-alert.png)
+{% else %}
+![Example alert from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.4/repository/code-scanning-alert.png)
+{% endif %}
 
 If you set up {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
 
diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
index d6ae1c809791..c8f214deaeed 100644
--- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
+++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
@@ -46,9 +46,16 @@ By default, the code scanning alerts page is filtered to show alerts for the def
 {% else %}
    ![List of alerts from {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/3.1/help/repository/code-scanning-click-alert.png)
 {% endif %}
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
+     {% data reusables.code-scanning.alert-default-branch %}
+     ![The "Affected branches" section in an alert](/assets/images/help/repository/code-scanning-affected-branches.png){% endif %}
 1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used.
+  {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
    ![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png)
-1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
+   {% else %}
+   ![The "Show paths" link on an alert](/assets/images/enterprise/3.4/repository/code-scanning-show-paths.png)
+   {% endif %}
+2. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
    ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png)
 
 For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts)."
@@ -80,6 +87,10 @@ The benefit of using keyword filters is that only values with results are shown
 
 If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch.
 
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
+{% data reusables.code-scanning.filter-non-default-branches %}
+{% endif %}
+
 {% ifversion fpt or ghes > 3.3 or ghec %}
 
 You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag{% if codeql-ml-queries %} and `-tag:experimental` will omit all experimental alerts. For more information, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-experimental-alerts)."{% else %}.{% endif %}
@@ -96,10 +107,12 @@ You can use the "Only alerts in application code" filter or `autofilter:true` ke
 
 You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across:
 - The name of the alert
-- The alert description
 - The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section)
-
+ {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
  ![The alert information used in searches](/assets/images/help/repository/code-scanning-free-text-search-areas.png)
+ {% else %}
+ ![The alert information used in searches](/assets/images/enterprise/3.4/repository/code-scanning-free-text-search-areas.png)
+ {% endif %}
 
 | Supported search | Syntax example | Results |
 | ---- | ---- | ---- |
@@ -113,7 +126,7 @@ You can search the list of alerts. This is useful if there is a large number of
 
 **Tips:** 
 - The multiple word search is equivalent to an OR search.
-- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details.
+- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details.
 
 {% endtip %}
 
@@ -143,7 +156,7 @@ If you have write permission for a repository, you can view fixed alerts by view
 
 You can use{% ifversion fpt or ghes > 3.1 or ghae or ghec %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed. 
 
-Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.
+Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch.
 
 {% ifversion fpt or ghes > 3.1 or ghae or ghec %}
 ![Filtering alerts by branch](/assets/images/help/repository/code-scanning-branch-filter.png)
@@ -151,6 +164,9 @@ Alerts may be fixed in one branch but not in another. You can use the "Branch" d
 ![Filtering alerts by branch](/assets/images/enterprise/3.1/help/repository/code-scanning-branch-filter.png)
 {% endif %}
 
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
+{% data reusables.code-scanning.filter-non-default-branches %}
+{% endif %}
 ## Dismissing or deleting alerts
 
 There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, if you have admin permissions for the repository, you can delete alerts. Deleting alerts is useful in situations where you have set up a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have configured {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab.
diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md
index 66e2303aa06f..8b327645828d 100644
--- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md
+++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists.md
@@ -39,7 +39,11 @@ You can use more than one issue to track the same {% data variables.product.prod
 
 - A "tracked in" section will also show in the corresponding alert page. 
 
+  {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
   ![Tracked in section on code scanning alert page](/assets/images/help/repository/code-scanning-alert-tracked-in-pill.png)
+  {% else %}
+  ![Tracked in section on code scanning alert page](/assets/images/enterprise/3.4/repository/code-scanning-alert-tracked-in-pill.png)
+  {% endif %}
 
 - On the tracking issue, {% data variables.product.prodname_dotcom %} displays a security badge icon in the task list and on the hovercard. 
   
@@ -65,7 +69,11 @@ The status of the tracked alert won't change if you change the checkbox state of
 1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)."
 {% endif %}
 1. Towards the top of the page, on the right side, click **Create issue**. 
+   {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
    ![Create a tracking issue for the code scanning alert](/assets/images/help/repository/code-scanning-create-issue-for-alert.png)
+   {% else %}
+   ![Create a tracking issue for the code scanning alert](/assets/images/enterprise/3.4/repository/code-scanning-create-issue-for-alert.png)
+   {% endif %}
    {% data variables.product.prodname_dotcom %} automatically creates an issue to track the alert and adds the alert as a task list item.
    {% data variables.product.prodname_dotcom %} prepopulates the issue:
    - The title contains the name of the {% data variables.product.prodname_code_scanning %} alert.
diff --git a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md
index 66ae7d484f3e..29eaaa3ea7f0 100644
--- a/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md
+++ b/translations/es-ES/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md
@@ -74,10 +74,17 @@ If you have write permission for the repository, some annotations contain links
 
 To see more information about an alert, users with write permission can click the **Show more details** link shown in the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem.
 
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
+{% data reusables.code-scanning.alert-default-branch %}
+{% endif %}
+
 In the detailed view for an alert, some {% data variables.product.prodname_code_scanning %} tools, like {% data variables.product.prodname_codeql %} analysis, also include a description of the problem and a **Show more** link for guidance on how to fix your code.
 
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-6249 %}
 ![Alert description and link to show more information](/assets/images/help/repository/code-scanning-pr-alert.png)
-
+{% else %}
+![Alert description and link to show more information](/assets/images/enterprise/3.4/repository/code-scanning-pr-alert.png)
+{% endif %}
 ## Fixing an alert on your pull request
 
 Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md
new file mode 100644
index 000000000000..5d5a3dd9d729
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md
@@ -0,0 +1,101 @@
+---
+title: About Dependabot alerts
+intro: '{% data variables.product.product_name %} envía {% data variables.product.prodname_dependabot_alerts %} cuando detectamos vulnerabilidades que afectan tu repositorio.'
+redirect_from:
+  - /articles/about-security-alerts-for-vulnerable-dependencies
+  - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies
+  - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies
+  - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+type: overview
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+shortTitle: Las alertas del dependabot
+---
+
+<!--Marketing-LINK: From /features/security/software-supply-chain page "About alerts for vulnerable dependencies ".-->
+
+## Acerca de las dependencias vulnerables
+
+{% data reusables.repositories.a-vulnerability-is %}
+
+Cuando tu código depende de un paquete que tiene una vulnerabilidad de seguridad, esta dependencia puede causar una serie de problemas para tu proyecto o para las personas que lo utilizan.
+
+## Detección de dependencias vulnerables
+
+{% data reusables.dependabot.dependabot-alerts-beta %}
+
+El {% data variables.product.prodname_dependabot %} lleva a cabo un escaneo para detectar las dependencias vulnerables y envía {% data variables.product.prodname_dependabot_alerts %} cuando:
+
+{% ifversion fpt or ghec %}
+- Se agrega una vulnerabilidad nueva a la {% data variables.product.prodname_advisory_database %}. Para obtener más información, consulta las secciones "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)" y [Acerca de las {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)".{% else %}
+- Se sincronizan los datos de las asesorías nuevas en {% data variables.product.product_location %} cada hora desde {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
+  {% note %}
+
+  **Nota:** Solo las asesorías que ha revisado {% data variables.product.company_short %} activarán las {% data variables.product.prodname_dependabot_alerts %}.
+
+  {% endnote %}
+- La gráfica de dependencias para los cambios a un repositorio. Por ejemplo, cuando un colaborador sube una confirmación para cambiar los paquetes o versiones de los cuales depende{% ifversion fpt or ghec %}, o cuando cambia el código de alguna de las dependencias{% endif %}. Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/about-the-dependency-graph)".
+
+{% data reusables.repositories.dependency-review %}
+
+Para encontrar una lista de ecosistemas para las cuales {% data variables.product.product_name %} puede detectar vulnerabilidades y dependencias, consulta la sección [ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)".
+
+{% note %}
+
+**Nota:** Es importante mantener actualizados tu manifiesto y tus archivos bloqueados. Si la gráfica de dependencias no refleja con exactitud tus versiones y dependencias actuales, entonces podrías dejar pasar las alertas de las dependencias vulnerables que utilizas. También podrías obtener alertas de las dependencias que ya no utilizas.
+
+{% endnote %}
+
+## {% data variables.product.prodname_dependabot_alerts %} para dependencias vulnerables
+
+{% data reusables.repositories.enable-security-alerts %}
+
+{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detecta las dependencias vulnerables en los repositorios _públicos_ y muestra la gráfica de dependencias, pero no genera {% data variables.product.prodname_dependabot_alerts %} predeterminadamente. Los propietarios de repositorios o las personas con acceso administrativo pueden habilitar las {% data variables.product.prodname_dependabot_alerts %} para los repositorios públicos. Los propietarios de los repositorios privados o las personas con acceso administrativo puede habilitar las {% data variables.product.prodname_dependabot_alerts %} si habilitan la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %} para sus repositorios.
+
+También puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_alerts %} para todos los repositorios que pertenezcan atu cuenta de usuario u organización. Para obtener más información, consulta la sección "[Administrar la seguridad y la configuración de análisis para tu cuenta de usuario](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" o la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)".
+
+Para obtener más información sobre los requisitos de acceso para las acciones que se relacionan con las {% data variables.product.prodname_dependabot_alerts %}, consulta la sección "[Roles de repositorio para una organización](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#access-requirements-for-security-features)".
+
+{% data variables.product.product_name %} comienza a generar la gráfica de dependencias inmediatamente y genera alertas de cualquier dependencia vulnerable tan pronto como las identifique. La gráfica se llena en cuestión de minutos habitualmente, pero esto puede tardar más para los repositorios que tengan muchas dependencias. Para obtener más información, consulta la sección "[Administrar la configuración de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)".
+{% endif %}
+
+Cuando {% data variables.product.product_name %} identifica una dependencia vulnerable, generamos una alerta del {% data variables.product.prodname_dependabot %} y la mostramos {% ifversion fpt or ghec or ghes %}en la pestaña de Seguridad del repositorio y{% endif %} en la gráfica de dependencias del mismo. La alerta incluye {% ifversion fpt or ghec or ghes %}un enlace al archivo afectado en el proyecto e{% endif %}información sobre una versión corregida. {% data variables.product.product_name %} también podría notificar a los mantenedores de los repositorios afectados sobre la nueva alerta de acuerdo con sus preferencias de notificaciones. Para obtener más información, consulta la sección "[Configurar las notificaciones para las dependencias vulnerables](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)".
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+Para los repositorios en donde están habilitadas las {% data variables.product.prodname_dependabot_security_updates %}, la alerta también podría contener un enlace a una solicitud de cambios o a una actualización en el archivo de bloqueo o de manifiesto para la versión mínima que resuelva la vulnerabilidad. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".
+{% endif %}
+
+{% warning %}
+
+**Nota**: Las características de seguridad de {% data variables.product.product_name %} no aseguran que se detectarán todas las vulnerabilidades. Aunque siempre estamos tratando de actualizar nuestra base de datos de vulnerabilidades y de generar alertas con nuestra información más actualizada, no podremos atrapar todo o garantizar decirte acerca de las vulnerabilidades conocidas dentro de un periodo de tiempo determinado. Estas características no son sustitutos de la revisión humana de cada dependencia por posibles vulnerabilidades o cualquier otra cuestión. Te recomendamos consultar con un servicio de seguridad o realizar una revisión de vulnerabilidad exhaustiva cuando sea necesario.
+
+{% endwarning %}
+
+## Acceder a las {% data variables.product.prodname_dependabot_alerts %}
+
+Puedes ver todas las alertas que afectan un proyecto en particular{% ifversion fpt or ghec %} en la pestaña de Seguridad del repositorio o{% endif %} en la gráfica de dependencias del repositorio. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."
+
+Predeterminadamente, notificamos a las personas con permisos administrativos en los repositorios afectados sobre las {% data variables.product.prodname_dependabot_alerts %} nuevas. {% ifversion fpt or ghec %}{% data variables.product.product_name %} nunca divulga públicamente las vulnerabilidades identificadas de ningún repositorio. También puedes hacer que las {% data variables.product.prodname_dependabot_alerts %} sean visibles para más personas o equipos que trabajen en los repositorios que te pertenecen o para los cuales tienes permisos administrativos. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu repositorio](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)".
+{% endif %}
+
+{% data reusables.notifications.vulnerable-dependency-notification-enable %}
+{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} Para obtener más información, consulta la sección "[Configurar las notificaciones para las dependencias vulnerables](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)".
+
+También puedes ver todas las {% data variables.product.prodname_dependabot_alerts %} que corresponden a una vulnerabilidad en particular en la {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+## Leer más
+
+- "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"
+- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %}
+{% ifversion fpt or ghec %}- "[Privacidad en {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md
similarity index 92%
rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md
rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md
index 429a422217f4..b9fa1675b030 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database.md
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database.md
@@ -6,6 +6,7 @@ miniTocMaxHeadingLevel: 3
 redirect_from:
   - /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database
   - /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
 versions:
   fpt: '*'
   ghec: '*'
@@ -36,7 +37,7 @@ Las asesorías que revisa {% data variables.product.company_short %} son vulnera
 
 Revisamos la validez de cada asesoría cuidadosamente. Cada asesoría que revisa {% data variables.product.company_short %} tiene una descripción completa y contiene información tanto del ecosistema como del paquete.
 
-Si habilitas las {% data variables.product.prodname_dependabot_alerts %} para tus repositorios, se te notifica automáticamente cuando una asesoría que revisa {% data variables.product.company_short %} afecta a los paquetes de los que dependes. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)".
+Si habilitas las {% data variables.product.prodname_dependabot_alerts %} para tus repositorios, se te notifica automáticamente cuando una asesoría que revisa {% data variables.product.company_short %} afecta a los paquetes de los que dependes. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 
 ### Acerca de las asesorías sin revisar
 
@@ -76,7 +77,7 @@ También se puede acceder a la base de datos utilizando la API de GraphQL. Para
 {% endnote %}
 
 ## Editar una asesoría en la {% data variables.product.prodname_advisory_database %}
-Puedes sugerir mejoras a cualquier asesoría en la {% data variables.product.prodname_advisory_database %}. Para obtener más información, consulta la sección "[Editar las asesorías de seguridad en la {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)".
+Puedes sugerir mejoras a cualquier asesoría en la {% data variables.product.prodname_advisory_database %}. For more information, see "[Editing security advisories in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)."
 
 ## Buscar en la {% data variables.product.prodname_advisory_database %} por coincidencia exacta
 
@@ -107,7 +108,7 @@ Puedes buscar la base de datos y utilizar los calificadores para definir más tu
 
 ## Visualizar tus repositorios vulnerables
 
-Para cualquier asesoría que revise {% data variables.product.company_short %} en la {% data variables.product.prodname_advisory_database %}, puedes ver cuáles de tus repositorios se ven afectados por esa vulnerabilidad de seguridad. Para ver un repositorio vulnerable, debes tener acceso a las {% data variables.product.prodname_dependabot_alerts %} de este. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)".
+Para cualquier asesoría que revise {% data variables.product.company_short %} en la {% data variables.product.prodname_advisory_database %}, puedes ver cuáles de tus repositorios se ven afectados por esa vulnerabilidad de seguridad. Para ver un repositorio vulnerable, debes tener acceso a las {% data variables.product.prodname_dependabot_alerts %} de este. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)".
 
 1. Navega hasta https://github.com/advisories.
 2. Haz clic en una asesoría.
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md
similarity index 87%
rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md
rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md
index 79451b4dcf64..0387ee09279b 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md
@@ -1,10 +1,11 @@
 ---
-title: Configurar las notificaciones para las dependencias vulnerables
-shortTitle: Configurar notificaciones
+title: Configuring notifications for Dependabot alerts
+shortTitle: Configure notifications
 intro: 'Optimiza la forma en la que recibes notificaciones de {% data variables.product.prodname_dependabot_alerts %}.'
 redirect_from:
   - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies
   - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies
 versions:
   fpt: '*'
   ghes: '*'
@@ -51,7 +52,7 @@ Puedes configurar los ajustes de notificaciones para ti mismo o para tu organiza
 
 {% note %}
 
-**Nota:** Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las {% data variables.product.prodname_dependabot_alerts %}. Para recibir más información, consulta la sección "[Administrar las notificaciones desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)".
+**Nota:** Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las {% data variables.product.prodname_dependabot_alerts %}. Para obtener más información, consulta la sección "[Administrar notificación desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)".
 
 {% endnote %}
 
@@ -59,7 +60,7 @@ Puedes configurar los ajustes de notificaciones para ti mismo o para tu organiza
 
 ## Cómo reducir el ruido de las notificaciones para las dependencias vulnerables
 
-Si te preocupa recibir demasiadas notificaciones para las {% data variables.product.prodname_dependabot_alerts %}, te recomendamos que te unas al resumen semanal por correo electrónico o que apagues las notificaciones mientras mantienes habilitadas las {% data variables.product.prodname_dependabot_alerts %}. Aún puedes navegar para ver tus {% data variables.product.prodname_dependabot_alerts %} en la pestaña de seguridad de tu repositorio. Para obtener más información, consulta la sección "[Visualizar y actualizar las dependencias vulnerables en tu repositiorio](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)".
+Si te preocupa recibir demasiadas notificaciones para las {% data variables.product.prodname_dependabot_alerts %}, te recomendamos que te unas al resumen semanal por correo electrónico o que apagues las notificaciones mientras mantienes habilitadas las {% data variables.product.prodname_dependabot_alerts %}. Aún puedes navegar para ver tus {% data variables.product.prodname_dependabot_alerts %} en la pestaña de seguridad de tu repositorio. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."
 
 ## Leer más
 
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md
similarity index 94%
rename from translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md
rename to translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md
index 2521a88f09f6..506b79db1970 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database.md
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md
@@ -3,6 +3,7 @@ title: Editing security advisories in the GitHub Advisory Database
 intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.'
 redirect_from:
   - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database
 versions:
   fpt: '*'
   ghec: '*'
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md
new file mode 100644
index 000000000000..b6b5ef662787
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/index.md
@@ -0,0 +1,24 @@
+---
+title: Identifying vulnerabilities in your project's dependencies with Dependabot alerts
+shortTitle: Las alertas del dependabot
+intro: '{% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when known vulnerabilites are detected in dependencies that your project uses.'
+allowTitleToDifferFromFilename: true
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+children:
+  - /browsing-security-vulnerabilities-in-the-github-advisory-database
+  - /editing-security-advisories-in-the-github-advisory-database
+  - /about-dependabot-alerts
+  - /viewing-and-updating-dependabot-alerts
+  - /configuring-notifications-for-dependabot-alerts
+---
+
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
new file mode 100644
index 000000000000..ec69f49a520c
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md
@@ -0,0 +1,106 @@
+---
+title: Viewing and updating Dependabot alerts
+intro: 'Si {% data variables.product.product_name %} descubre una dependencia vulnerable en tu proyecto, podrás verla en la pestaña de alertas del Dependabot de tu repositorio. Posteriormente, podrás actualizar tu proyecto para resolver o descartar la vulnerabilidad.'
+redirect_from:
+  - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository
+  - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
+  - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository
+permissions: Repository administrators and organization owners can view and update dependencies.
+shortTitle: View Dependabot alerts
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+type: how_to
+topics:
+  - Dependabot
+  - Security updates
+  - Alerts
+  - Dependencies
+  - Pull requests
+  - Repositories
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+La pestaña de {% data variables.product.prodname_dependabot_alerts %} de tu repositorio lista todas las{% data variables.product.prodname_dependabot_alerts %} abiertas y cerradas{% ifversion fpt or ghec or ghes > 3.2 %}, así como las {% data variables.product.prodname_dependabot_security_updates %} correspondientes{% endif %}. Puedes{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filtrar las alertas por paquete, ecosistema o manifiesto. Tambén puedes{% endif %} clasificar la lista de alertas y hacer clic en ellas para obtener más detalles. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+Puedes habilitar las alertas de seguridad automáticas para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)".
+{% endif %}
+
+{% data reusables.repositories.dependency-review %}
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+## Acerca de las actualizaciones para las dependencias vulnerables en tu repositorio
+
+{% data variables.product.product_name %} genera {% data variables.product.prodname_dependabot_alerts %} cuando detectamos que tu base de código está utilizando dependencias con vulnerabilidades conocidas. Para los repositorios en donde se habilitan las {% data variables.product.prodname_dependabot_security_updates %} cuando {% data variables.product.product_name %} detecta una dependencia vulnerable en la rama predeterminada, {% data variables.product.prodname_dependabot %} crea una solicitud de cambios para arreglarla. La solicitud de extracción mejorará la dependencia a la versión segura mínima que sea posible y necesaria para evitar la vulnerabilidad.
+
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}Puedes clasificar y filtrar las {% data variables.product.prodname_dependabot_alerts %} con los menús desplegables en la pestaña de {% data variables.product.prodname_dependabot_alerts %} o tecleando filtros tales como pares de `key:value` en la barra de búsqueda. Los filtros disponibles son los de repositorio (pro ejemplo, `repo:my-repository`), paquete (por ejemplo, `package:django`), ecosistema (por ejemplo, `ecosystem:npm`), manifiesto (por ejemplo, `manifest:webwolf/pom.xml`), estado (por ejemplo, `is:open`) y si la asesoría tiene un parche (por ejemplo, `has: patch`).
+
+Cada alerta del {% data variables.product.prodname_dependabot %} tiene un identificador numérico único y la pestaña de {% data variables.product.prodname_dependabot_alerts %} lista una alerta por cada vulnerabilidad detectada. Las {% data variables.product.prodname_dependabot_alerts %} tradicionales agrupan vulnerabilidades por dependencia y generan una sola alerta por dependencia. Si navegas a una alerta tradicional del {% data variables.product.prodname_dependabot %}, se te redirigirá a una pestaña de {% data variables.product.prodname_dependabot_alerts %} filtradas para este paquete. {% endif %}
+{% endif %}
+
+## Ver y actualizar las dependencias vulnerables
+
+{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-dependabot-alerts %}
+1. Opcionalmente, para filtrar alertas, selecciona el menú desplegable de **Repositorio**, l **Paquete**, **Ecosistema** o **Manifiesto** y luego haz clic en el filtro que te gustaría aplicar. También puedes teclear filtros en la barra de búsqueda. Por ejemplo, `ecosystem:npm` o `has:patch`. Para ordenar las alertas, selecciona el menú desplegable **Ordenar** y luego haz clic en la opción por la cual te gustaría ordenarlas. ![Captura de pantalla del filtro y menús de clasificación en la pestaña de las {% data variables.product.prodname_dependabot_alerts %}](/assets/images/help/graphs/dependabot-alerts-filters.png)
+1. Haz clic en la alerta que te gustaría ver. ![Alerta seleccionada en la lista de alertas](/assets/images/help/graphs/click-alert-in-alerts-list-ungrouped.png)
+1. Revisa los detalles de la vulnerabilidad y, en caso de que esté disponible, la solicitud de extracción que contienen la actualización de seguridad automatizada.
+1. Opcionalmente, si no existe ya una actualización de {% data variables.product.prodname_dependabot_security_updates %} para la alerta, para crear una solicitud de extracción o para resolver la vulnerabilidad, da clic en **Crear una actualización de eguridad del {% data variables.product.prodname_dependabot %}**. ![Crea un botón de actualización de seguridad del {% data variables.product.prodname_dependabot %}](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)
+1. Cuando estés listo para actualizar tu dependencia y resolver la vulnerabilidad, fusiona la solicitud de extracción. Cada solicitud de extracción que levante el {% data variables.product.prodname_dependabot %} incluye información sobre los comandos que puedes utilizar para controlar el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Adminsitrar las solicitudes de extracción para las actualizaciones de las dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)".
+1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" dropdown, and click a reason for dismissing the alert.{% if reopen-dependabot-alerts %} Unfixed dismissed alerts can be reopened later.{% endif %} ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/help/repository/dependabot-alert-dismiss-drop-down-ungrouped.png)
+
+{% elsif ghes = 3.3 %}
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-dependabot-alerts %}
+1. Haz clic en la alerta que quieres ver. ![Alerta seleccionada en la lista de alertas](/assets/images/help/graphs/click-alert-in-alerts-list.png)
+1. Revisa los detalles de la vulnerabilidad y, en caso de que esté disponible, la solicitud de extracción que contienen la actualización de seguridad automatizada.
+1. Opcionalmente, si no existe ya una actualización de {% data variables.product.prodname_dependabot_security_updates %} para la alerta, para crear una solicitud de extracción o para resolver la vulnerabilidad, da clic en **Crear una actualización de eguridad del {% data variables.product.prodname_dependabot %}**. ![Crea un botón de actualización de seguridad del {% data variables.product.prodname_dependabot %}](/assets/images/help/repository/create-dependabot-security-update-button.png)
+1. Cuando estés listo para actualizar tu dependencia y resolver la vulnerabilidad, fusiona la solicitud de extracción. Cada solicitud de extracción que levante el {% data variables.product.prodname_dependabot %} incluye información sobre los comandos que puedes utilizar para controlar el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Adminsitrar las solicitudes de extracción para las actualizaciones de las dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)".
+1. Opcionalmente, si se está arreglando la alerta, si es incorrecta o si se ubica en una sección de código sin utilizar, selecciona el menú desplegable de "Descartar" y haz clic en una razón para descartar la alerta. ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/help/repository/dependabot-alert-dismiss-drop-down.png)
+
+{% elsif ghes = 3.1 or ghes = 3.2 or ghae-issue-4864 %}
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-dependabot-alerts %}
+1. Haz clic en la alerta que quieres ver. ![Alerta seleccionada en la lista de alertas](/assets/images/enterprise/graphs/click-alert-in-alerts-list.png)
+1. Revisa los detalles de la vulnerabilidad y determina si necesitas actualizar la dependencia o no.
+1. Cuando fusionas una solicitud de cambios que actualice el archivo de manifiesto o de bloqueo a una versión segura de la dependencia, esto resolverá la alerta. Como alternativa, si decides no actualizar la dependencia, selecciona el menú desplegable **Descartar** y haz clic en una razón para descartar la alerta. ![Elegir una razón para descartar la alerta a través del menú desplegable de "Descartar"](/assets/images/enterprise/repository/dependabot-alert-dismiss-drop-down.png)
+
+{% else %}
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.accessing-repository-graphs %}
+{% data reusables.repositories.click-dependency-graph %}
+1. Haz clic en el número de versión de la dependencia vulnerable para mostrar la información detallada. ![Información detallada de la dependencia vulnerable](/assets/images/enterprise/3.0/dependabot-alert-info.png)
+1. Revisa los detalles de la vulnerabilidad y determina si necesitas actualizar la dependencia o no. Cuando fusionas una solicitud de cambios que actualice el archivo de manifiesto o de bloqueo a una versión segura de la dependencia, esto resolverá la alerta.
+1. El letrero en la parte superior de la pestaña de **Dependencias** se muestra hasta que todas las dependencias vulnerables se resuelven o hasta que lo descartes. Haz clic en **Descartar** en la esquina superior derecha del letrero y selecciona una razón para descartar la alerta. ![Descartar el letrero de seguridad](/assets/images/enterprise/3.0/dependabot-alert-dismiss.png)
+{% endif %}
+
+{% if reopen-dependabot-alerts %}
+
+## Viewing and updating closed alerts
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-dependabot-alerts %}
+1. To just view closed alerts, click **Closed**. ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png)
+1. Click the alert that you would like to view or update. ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png)
+2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)
+
+{% endif %}
+
+## Leer más
+
+- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %}
+- "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %}
+- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
+- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %}
+- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
new file mode 100644
index 000000000000..b71d2474707b
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
@@ -0,0 +1,67 @@
+---
+title: Acerca de las actualizaciones de seguridad del Dependabot
+intro: '{% data variables.product.prodname_dependabot %} puede arreglar tus dependencias vulnerables levantando solicitudes de extracción con actualizaciones de seguridad.'
+shortTitle: Actualizaciones de seguridad del dependabot
+redirect_from:
+  - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates
+  - /github/managing-security-vulnerabilities/about-dependabot-security-updates
+  - /code-security/supply-chain-security/about-dependabot-security-updates
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.2'
+type: overview
+topics:
+  - Dependabot
+  - Security updates
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+  - Pull requests
+---
+
+<!--Marketing-LINK: From /features/security/software-supply-chain page "About Dependabot security updates".-->
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de {% data variables.product.prodname_dependabot_security_updates %}
+
+Las {% data variables.product.prodname_dependabot_security_updates %} te facilitan el arreglar las dependencias vulnerables en tu repositorio. Si habilitas esta característica, cuando se levante una alerta del {% data variables.product.prodname_dependabot %} para una dependencia vulnerable en la gráfica de dependencias de tu repositorio, {% data variables.product.prodname_dependabot %} intentará arreglarla automáticamente. Para obtener más información, consulta las secciones "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" y "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)".
+
+{% data variables.product.prodname_dotcom %} podría enviar {% data variables.product.prodname_dependabot_alerts %} a los repositorios que se vieron afectados por la vulnerabilidad que se divulgó en una asesoría de seguridad de {% data variables.product.prodname_dotcom %} publicada recientemente. {% data reusables.security-advisory.link-browsing-advisory-db %}
+
+{% data variables.product.prodname_dependabot %} verifica si es posible actualizar la dependencia vulnerable a una versión arreglada sin irrumpir en la gráfica de dependencias para el repositorio. Posteriormente, el {% data variables.product.prodname_dependabot %} levanta una solicitud de cambios para actualizar la dependencia a la versión mínima que incluye el parche y los enlaces a la solicitud de cambios para la alerta del {% data variables.product.prodname_dependabot %}, o reporta un error en la alerta. Para obtener más información, consulta la sección "[Solucionar problemas para los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)".
+
+{% note %}
+
+**Nota**
+
+La característica de {% data variables.product.prodname_dependabot_security_updates %} se encuentra disponible para los repositorios en donde hayas habilitado la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %}. Verás una alerta del {% data variables.product.prodname_dependabot %} por cada dependencia vulnerable que se haya identificado en toda tu gráfica de dependencias. Sin embargo, las actualizaciones de seguridad se activan únicamente para las dependencias que se especifican en un archivo de manifiesto o de bloqueo. El {% data variables.product.prodname_dependabot %} no puede actualizar una dependencia indirecta o transitoria si no se define explícitamente. Para obtener más información, consulta la sección "[Acerca de la gráfica de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#dependencies-included)".
+
+{% endnote %}
+
+Puedes habilitar una característica relacionada, {% data variables.product.prodname_dependabot_version_updates %}, para que el {% data variables.product.prodname_dependabot %} levante solicitudes de cambio para actualizar el manifiesto a la última versión de la dependencia cuando detecte una que esté desactualizada. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de versión del {% data variables.product.prodname_dependabot %}](/github/administering-a-repository/about-dependabot-version-updates)".
+
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
+## Acerca de las solicitudes de cambios para las actualizaciones de seguridad
+
+Cada solicitud de cambios contiene todo lo que necesitas para revisar y fusionar de forma rápida y segura un arreglo propuesto en tu proyecto. Esto incluye la información acerca de la vulnerabilidad, como las notas de lanzamiento, las entradas de bitácora de cambios, y los detalles de confirmación. Los detalles de qué vulnerabilidad resuelve una solicitud de cambios se encuentran ocultos para cualquiera que no tenga acceso a las {% data variables.product.prodname_dependabot_alerts %} del repositorio en cuestión.
+
+Cuando fusionas una solicitud de cambios que contiene una actualización de seguridad, la alerta correspondiente del {% data variables.product.prodname_dependabot %} se marca como resuelta en el repositorio. Para obtener más información acerca de las solicitudes de cambios del {% data variables.product.prodname_dependabot %}, consulta la sección "[Administrar las solicitudes de cambios para las actualizaciones de las dependencias](/github/administering-a-repository/managing-pull-requests-for-dependency-updates)".
+
+{% data reusables.dependabot.automated-tests-note %}
+
+{% ifversion fpt or ghec %}
+
+## Acerca de las puntuaciones de compatibilidad
+
+Las {% data variables.product.prodname_dependabot_security_updates %} podrían incluir puntuaciones de compatibilidad para hacerte saber si el actualizar una dependencia podría causar cambios sustanciales en tu proyecto. Estos se calculan de las pruebas de IC en otros repositorios públicos en donde se ha generado la misma actualización de seguridad. La puntuación de compatibilidad de una actualización es el porcentaje de ejecuciones de IC que pasaron cuando se hicieron actualizaciones en versiones específicas de la dependencia.
+
+{% endif %}
+
+## Acerca de las notificaciones para las actualizaciones de seguridad del {% data variables.product.prodname_dependabot %}
+
+Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar las actualizaciones de seguridad del {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar notificación desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)".
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md
new file mode 100644
index 000000000000..1295897dfadc
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md
@@ -0,0 +1,82 @@
+---
+title: Configurar las actualizaciones de seguridad del Dependabot
+intro: 'Puedes utilizar las {% data variables.product.prodname_dependabot_security_updates %} o las solicitudes de extracción manuales para actualizar fácilmente las dependencias vulnerables.'
+shortTitle: Configurar las actualizaciones de seguridad
+redirect_from:
+  - /articles/configuring-automated-security-fixes
+  - /github/managing-security-vulnerabilities/configuring-automated-security-fixes
+  - /github/managing-security-vulnerabilities/configuring-automated-security-updates
+  - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates
+  - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates
+  - /code-security/supply-chain-security/configuring-dependabot-security-updates
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Dependabot
+  - Security updates
+  - Alerts
+  - Dependencies
+  - Pull requests
+  - Repositories
+---
+
+<!--Marketing-LINK: From home page "Learn more about Dependabot".-->
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de la configuración de las {% data variables.product.prodname_dependabot_security_updates %}
+
+Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".
+
+Puedes inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual o para todos los repositorios que pertenezcan a tu organización o cuenta de usuario. Para obtener más información, consulta la sección "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios](#managing-dependabot-security-updates-for-your-repositories)" acontinuación.
+
+{% ifversion fpt or ghec %}{% data reusables.dependabot.dependabot-tos %}{% endif %}
+
+## Repositorios soportados
+
+{% data variables.product.prodname_dotcom %} habilita las {% data variables.product.prodname_dependabot_security_updates %} automáticamente para cada repositorio que cumpla con estos pre-requisitos.
+
+{% note %}
+
+**Nota**: Puedes habilitar manualmente las {% data variables.product.prodname_dependabot_security_updates %}, aún si el repositorio no cumple con alguno de los siguientes prerrequisitos. Por ejemplo, puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} en una bifurcación, o para un administrador de paquetes que no sea directamente compatible si sigues las instrucciones en la sección "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios](#managing-dependabot-security-updates-for-your-repositories)".
+
+{% endnote %}
+
+| Pre-requisito de habilitación automática                                                                                                                                                                                               | Más información                                                                                                                                                              |
+| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Que el repositorio no sea una bifrucación                                                                                                                                                                                              | "[Acerca de las bifurcaciones](/github/collaborating-with-issues-and-pull-requests/about-forks)"                                                                             |
+| Que el repositorio no esté archivado                                                                                                                                                                                                   | "[Archivar repositorios](/github/creating-cloning-and-archiving-repositories/archiving-repositories)" |{% ifversion fpt or ghec %}
+| Que el repositorio sea público, o que sea privado y hayas habilitado un análisis de solo lectura por {% data variables.product.prodname_dotcom %}, gráfica de dependencias y alertas de vulnerabilidades en la configuración del mismo | "[Administrar los ajustes de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)". 
+{% endif %}
+| Que el repositorio contenga un archivo de manifiesto de dependencias de un ecosistema de paquete que sea compatible con {% data variables.product.prodname_dotcom %}                                                                   | "[Ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)"                              |
+| Las {% data variables.product.prodname_dependabot_security_updates %} no se han inhabilitado para el repositorio                                                                                                                     | "[Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tu repositorio](#managing-dependabot-security-updates-for-your-repositories)"     |
+
+Si no se habilitan las actualizaciones de seguridad para tu repositorio y no sabes por qué, intenta primero habilitarles de acuerdo con las instrucciones que se encuentran en los procedimientos siguientes. Si las actualizaciones de seguridad aún no funcionan, puedes contactar al {% data variables.contact.contact_support %}.
+
+## Administrar las {% data variables.product.prodname_dependabot_security_updates %} para tus repositorios
+
+Puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual (ver a continuación).
+
+También puedes habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para todos los repositorios que pertenezcan atu cuenta de usuario u organización. Para obtener más información, consulta la sección "[Administrar la seguridad y la configuración de análisis para tu cuenta de usuario](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" o la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)".
+
+Las {% data variables.product.prodname_dependabot_security_updates %} requieren de configuraciones de repositorio específicas. Para obtener más información, consulta "[Repositorios soportados](#supported-repositories)".
+
+### Habilitar o inhabilitar las {% data variables.product.prodname_dependabot_security_updates %} para un repositorio individual.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-security-and-analysis %}
+1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
+  {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %}
+
+
+## Leer más
+
+- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %}
+- "[Administrar los ajustes de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %}
+- "[Ecosistemas de paquete compatibles](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)"
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md
new file mode 100644
index 000000000000..b60ab227beed
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-security-updates/index.md
@@ -0,0 +1,20 @@
+---
+title: Automatically updating dependencies with known vulnerabilities with Dependabot security updates
+intro: '{% data variables.product.prodname_dependabot %} can help you fix vulnerable dependencies by automatically raising pull requests to update dependencies to secure versions.'
+allowTitleToDifferFromFilename: true
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+topics:
+  - Repositories
+  - Dependabot
+  - Security updates
+  - Dependencies
+  - Pull requests
+shortTitle: Actualizaciones de seguridad del dependabot
+children:
+  - /about-dependabot-security-updates
+  - /configuring-dependabot-security-updates
+---
+
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
new file mode 100644
index 000000000000..1343d6db2a05
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
@@ -0,0 +1,69 @@
+---
+title: Acerca de las actualizaciones a la versión del Dependabot
+intro: 'Puede utilizar el {% data variables.product.prodname_dependabot %} para mantener los paquetes que utilizas actualizados a su versión más reciente.'
+redirect_from:
+  - /github/administering-a-repository/about-dependabot
+  - /github/administering-a-repository/about-github-dependabot
+  - /github/administering-a-repository/about-github-dependabot-version-updates
+  - /github/administering-a-repository/about-dependabot-version-updates
+  - /code-security/supply-chain-security/about-dependabot-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.2'
+type: overview
+topics:
+  - Dependabot
+  - Version updates
+  - Repositories
+  - Dependencies
+  - Pull requests
+shortTitle: Actualizaciones de versión del dependabot
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de {% data variables.product.prodname_dependabot_version_updates %}
+
+El {% data variables.product.prodname_dependabot %} hace el esfuerzo de mantener tus dependencias. Puedes utilizarlo para garantizar que tu repositorio se mantenga automáticamente con los últimos lanzamientos de los paquetes y aplicaciones de los que depende.
+
+Se habilitan las {% data variables.product.prodname_dependabot_version_updates %} al registrar un archivo de configuración en tu repositorio. Este archivo de configuración especifica la ubicación del manifiesto o de otros archivos de definición de paquetes almacenados en tu repositorio. El {% data variables.product.prodname_dependabot %} utiliza esta información para revisar los paquetes y las aplicaciones desactualizadas. El {% data variables.product.prodname_dependabot %} determina si hay una versión nueva de una dependencia al buscar el versionamiento semántico ([semver](https://semver.org/)) de la dependencia para decidir si debería actualizarla a esa versión. Para ciertos administradores de paquetes, {% data variables.product.prodname_dependabot_version_updates %} también es compatible con su delegación a proveedores. Las dependencias delegadas (o almacenadas en caché) son aquellas que se registran en un directorio específico en un repositorio en vez de que se referencien en un manifiesto. Las dependencias delegadas a proveedores están disponibles desde el momento de su creación, incluso si los servidores de paquetes no se encuentran disponibles. Las {% data variables.product.prodname_dependabot_version_updates %} pueden configurarse para verificar las dependencias delegadas a proveedores para las nuevas versiones y también pueden actualizarse de ser necesario.
+
+Cuando el {% data variables.product.prodname_dependabot %} identifica una dependencia desactualizada, levanta una solicitud de extracción para actualizar el manifiesto a su última versión de la dependencia. Lara las dependencias delegadas a proveedores, el {% data variables.product.prodname_dependabot %} levanta una solicitud de cambios para reemplazar la dependencia desactualizada directamente con la versión nueva. Verificas que tu prueba pase, revisas el registro de cambios y notas de lanzamiento que se incluyan en el resumen de la solicitud de extracción y, posteriormente, lo fusionas. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+
+Si habilitas las _actualizaciones de seguridad_, el {% data variables.product.prodname_dependabot %} también levantará solicitudes de cambios para actualizar las dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".
+
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
+{% data reusables.dependabot.dependabot-tos %}
+
+## Frecuencia de las solicitudes de extracción del {% data variables.product.prodname_dependabot %}
+
+Tú eres quien especifica qué tan a menudo se revisa cada ecosistema para encontrar nuevas versiones en el archivo de configuración: diario, semanalmente, o mensualmente.
+
+{% data reusables.dependabot.initial-updates %}
+
+Si habilitaste las actualizaciones de seguridad, algunas veces verás solicitudes de extracción adicionales para actualizaciones de seguridad. Esto se activa con una alerta del {% data variables.product.prodname_dependabot %} para una dependencia en tu rama predeterminada. El {% data variables.product.prodname_dependabot %} levanta automáticamente una solicitud de extracción para actualizar la dependencia vulnerable.
+
+## Repositorios y ecosistemas compatibles
+<!-- If you make changes to this feature, update /getting-started-with-github/github-language-support to reflect any changes to supported repositories or ecosystems. -->
+
+Puedes configurar las actualizaciones de versión para los repositorios que contengan un manifiesto de dependencias o un archivo fijado para alguno de los administradores de paquetes compatibles. Para algunos administradores de paquetes, también puedes configurar la delegación a proveedores para las dependencias. For more information, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)."
+{% note %}
+
+{% data reusables.dependabot.private-dependencies-note %}
+
+El {% data variables.product.prodname_dependabot %} no es compatible con dependencias privadas de {% data variables.product.prodname_dotcom %} para todos los administradores de paquetes. Consulta los detalles en la tabla a continuación.
+
+{% endnote %}
+
+{% data reusables.dependabot.supported-package-managers %}
+
+Si tu repositorio ya utiliza una integración para la administración de dependencias, necesitarás inhabilitarlo antes de habilitar el {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}Para obtener más información, consulta la sección "[Acerca de las integraciones](/github/customizing-your-github-workflow/about-integrations)".{% endif %}
+
+## Acerca de las notificaciones para las actualizaciones de versión del {% data variables.product.prodname_dependabot %}
+
+Puedes filtrar tus notificaciones en {% data variables.product.company_short %} para mostrar notificaciones para las solicitudes de cambios que creó el {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar notificaciones desde tu bandeja de entrada](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)".
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
new file mode 100644
index 000000000000..28c43850c46c
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
@@ -0,0 +1,968 @@
+---
+title: Configuration options for the dependabot.yml file
+intro: 'La información detallada para todas las opciones que puedes utilizar para personalizar como el {% data variables.product.prodname_dependabot %} mantiene tus repositorios.'
+permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.'
+allowTitleToDifferFromFilename: true
+redirect_from:
+  - /github/administering-a-repository/configuration-options-for-dependency-updates
+  - /code-security/supply-chain-security/configuration-options-for-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+miniTocMaxHeadingLevel: 3
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: reference
+topics:
+  - Dependabot
+  - Version updates
+  - Repositories
+  - Dependencies
+  - Pull requests
+shortTitle: Configure dependabot.yml
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca del archivo *dependabot.yml*
+
+El archivo de configuración del {% data variables.product.prodname_dependabot %}, *dependabot.yml*, utiliza la sintaxis YAML. Si eres nuevo en YAML y deseas conocer más, consulta "[Aprender YAML en cinco minutos](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)".
+
+Debes almacenar este archivo en el directorio `.github` de tu repositorio. Cuando agregas o actualizas el archivo *dependabot.yml*, esto activa una revisión inmediata de las actualizaciones de la versión. For more information and an example, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)."
+
+Cualquier opción que también afecte las actualizaciones de seguridad se utiliza en la siguiente ocasión en que una alerta de seguridad active una solicitud de cambios para una actualización de seguridad.  Para obtener más información, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)".
+
+El archivo *dependabot.yml* tiene dos claves mandatorias de nivel superior: `version`, y `updates`. Opcionalmente, puedes incluir una clave de `registries` de nivel superior. El archivo debe comenzar con `version: 2`.
+
+## Opciones de configuración para las actualizaciones
+
+La clave `updates` de nivel superior es obligatoria. La utilizas para configurar la forma en que el {% data variables.product.prodname_dependabot %} actualiza las versiones o las dependencias de tu proyecto. Cada entrada configura los ajustes de actualización para un administrador de paquetes en particular. Puedes utilizar las siguientes opciones.
+
+| Opción                                                                     | Requerido | Descripción                                                                                        |
+|:-------------------------------------------------------------------------- |:---------:|:-------------------------------------------------------------------------------------------------- |
+| [`package-ecosystem`](#package-ecosystem)                                  |   **X**   | Administrador de paquetes a utilizar                                                               |
+| [`directorio`](#directory)                                                 |   **X**   | Ubicación de los manifiestos del paquete                                                           |
+| [`schedule.interval`](#scheduleinterval)                                   |   **X**   | Qué tan a menudo se revisará si hay actualizaciones                                                |
+| [`allow`](#allow)                                                          |           | Personalizar qué actualizaciones se permitirán                                                     |
+| [`asignatarios`](#assignees)                                               |           | Los asignados a configurar en las solicitudes de extracción                                        |
+| [`commit-message`](#commit-message)                                        |           | Preferencias de mensaje de confirmación                                                            |
+| [`ignore`](#ignore)                                                        |           | Ignorar ciertas dependencias o versiones                                                           |
+| [`insecure-external-code-execution`](#insecure-external-code-execution)    |           | Permite o rechaza la ejecución de código en los archivos de manifiesto                             |
+| [`etiquetas`](#labels)                                                     |           | Las etiquetas a configurar en las solicitudes de extracción                                        |
+| [`hito`](#milestone)                                                       |           | Hito a configurar en las solicitudes de extracción                                                 |
+| [`open-pull-requests-limit`](#open-pull-requests-limit)                    |           | Limitar la cantidad de solicitudes de extracción abiertas para las actualizaciones de versión      |
+| [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator) |           | Cambiar el separador para los nombres de rama de la solicitud de extracción                        |
+| [`rebase-strategy`](#rebase-strategy)                                      |           | Inhabilitar el rebase automático                                                                   |
+| [`registries`](#registries)                                                |           | Los registros privados a los que puede acceder el {% data variables.product.prodname_dependabot %}
+| [`revisores`](#reviewers)                                                  |           | Los revisores a configurar en las solicitudes de extracción                                        |
+| [`schedule.day`](#scheduleday)                                             |           | Día de la semana para revisar si hay actualizaciones                                               |
+| [`schedule.time`](#scheduletime)                                           |           | Hora del día para revisar si hay actualizaciones (hh:mm)                                           |
+| [`schedule.timezone`](#scheduletimezone)                                   |           | Huso horario para la hora del día (identificador de zona)                                          |
+| [`target-branch`](#target-branch)                                          |           | Rama contra la cual se creará la solicitud de extracción                                           |
+| [`vendor`](#vendor)                                                        |           | Actualiza las dependencias delegadas a proveedores o almacenadas en caché                          |
+| [`versioning-strategy`](#versioning-strategy)                              |           | Cómo actualizar los requisitos de la versión del manifiesto                                        |
+
+Estas opciones caen a groso modo en las siguientes categorías.
+
+- Opciones de configuración esenciales que debes incluir en todas las configuraciones: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory),[`schedule.interval`](#scheduleinterval).
+- Opciones para personalizar el calendario de actualización: [`schedule.time`](#scheduletime), [`schedule.timezone`](#scheduletimezone), [`schedule.day`](#scheduleday).
+- Las opciones para controlar qué dependencias se actualizarán: [`allow`](#allow), [`ignore`](#ignore), [`vendor`](#vendor).
+- Opciones para agregar metadatos a las solicitudes de extracción: [`reviewers`](#reviewers), [`assignees`](#assignees), [`labels`](#labels), [`milestone`](#milestone).
+- Opciones para cambiar el comportamiento de las solicitudes de extracción: [`target-branch`](#target-branch), [`versioning-strategy`](#versioning-strategy), [`commit-message`](#commit-message), [`rebase-strategy`](#rebase-strategy), [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator).
+
+Adicionalmente, la opción [`open-pull-requests-limit`](#open-pull-requests-limit) cambia la cantidad máxima de solicitudes de extracción para las actualizaciones de versión que puede abrir el {% data variables.product.prodname_dependabot %}.
+
+{% note %}
+
+**Nota:** Algunas de estas opciones de configuración también pueden afectar a las solicitudes de extracción que se levantan para las actualizaciones de seguridad de los manifiestos delos paquetes vulnerables.
+
+Las actualizaciones de seguridad se levantan para los manifiestos de paquetes vulnerables únicamente en la rama predeterminada. Cuando se establecen las opciones de configuración para la misma rama (como "true" a menos de que utilices `target-branch`), y se especifica un `package-ecosystem` y `directory` para el manifiesto vulnerable, entonces las solicitudes de extracción para las actualizaciones de seguridad utilizan las opciones relevantes.
+
+En general, las actualizaciones de seguridad utilizan cualquier opción de configuración que afecte las solicitudes de extracción, por ejemplo, agregar metadatos o cambiar su comportamiento. Para obtener más información acerca de las actualizaciones de seguridad, consulta la sección "[Configurar {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)".
+
+{% endnote %}
+
+### `package-ecosystem`
+
+**Requerido**. Agregarás un elemento de `package-ecosystem` para cada administrador de paquetes que quieras que monitoree el {% data variables.product.prodname_dependabot %} para encontrar versiones nuevas. El repositorio también debe contener un archivo bloqueado o de manifiesto de dependencias para cada uno de estos administradores de paquetes. Si quieres habilitar la delegación a proveedores para un administrador de paquetes que sea compatible con ella, las dependencias delegadas a proveedores deben ubicarse en el directorio requerido. Para obtener más información, consulta la sección [`vendor`](#vendor) a continuación.
+
+{% data reusables.dependabot.supported-package-managers %}
+
+```yaml
+# Basic set up for three package managers
+
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for Composer
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+```
+
+### `directorio`
+
+**Requerido**. Debes definir la ubicación de los manifiestos de los paquetes para cada administrador de paquetes (por ejemplo, el *package.json* o *Gemfile*). Tú definierás el directorio relativo a la raíz del repositorio para todos los ecosistemas, menos para GitHub Actions. Para GitHub Actions, configura el directorio para que sea `/` y así revisar los archivos de flujo de trabajo en `.github/workflows`.
+
+```yaml
+# Specify location of manifest files for each package manager
+
+version: 2
+updates:
+  - package-ecosystem: "composer"
+    # Files stored in repository root
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "npm"
+    # Files stored in `app` directory
+    directory: "/app"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the
+    # default location of `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "daily"
+```
+
+### `schedule.interval`
+
+**Requerido**. Debes definir la frecuencia en la que se verificará si hay versiones nuevas para cada administrador de paquetes. Predeterminadamente, el {% data variables.product.prodname_dependabot %} asigna una hora aleatoria para aplicar todas las actualizaciones en el archivo de configuración. Para configurar una hora específica, puedes utilizar [`schedule.time`](#scheduletime) y [`schedule.timezone`](#scheduletimezone).
+
+- `daily`—se ejecuta en cada día de la semana, de Lunes a Viernes.
+- `weekly`—se ejecuta una vez cada semana. Predeterminadamente, esto ocurre los lunes. Para modificar esto, utiliza [`schedule.day`](#scheduleday).
+- `monthly`—se ejecuta una vez al mes. Esto ocurre en el primer día de cada mes.
+
+```yaml
+# Set update schedule for each package manager
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
+
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      # Check for updates managed by Composer once a week
+      interval: "weekly"
+```
+
+{% note %}
+
+**Note**: `schedule` define cuando el {% data variables.product.prodname_dependabot %} intenta hacer una actualización nueva. Sin embargo, no es la única ocasión en la que podrías recibir solilcitudes de cambio. Las actualizaciones pueden activarse con base en los cambios a tu archivo de `dependabot.yml`, los cambios a tus archivo(s) de manifiesto después de una actualización fallida, o las {% data variables.product.prodname_dependabot_security_updates %}. Para obtener más información, consulta las secciones "[Frecuencia de las solicitudes de cambio del {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)".
+
+{% endnote %}
+
+### `allow`
+
+{% data reusables.dependabot.default-dependencies-allow-ignore %}
+
+Utiliza la opción `allow` para personalizar qué dependencias se actualizan. Esto aplica tanto a la versión como a las actualizaciones de seguridad. Puedes utilizar las siguientes opciones:
+
+- `dependency-name`—se utiliza para permitir actualizaciones para las dependencias con nombres coincidentes, opcionalmente, utiliza `*` para empatar cero o más caracteres. Para las dependencias de Java, el formato del atributo `dependency-name` es: `groupId:artifactId`, por ejemplo: `org.kohsuke:github-api`.
+- `dependency-type`—utilízalo para permitir actualizaciones para dependencias de tipos específicos.
+
+  | Tipos de dependencia | Administradores de paquete compatibles              | Permitir actualizaciones                                                                                                                            |
+  | -------------------- | --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
+  | `direct`             | Todas                                               | Todas las dependencias definidas explícitamente.                                                                                                    |
+  | `indirect`           | `bundler`, `pip`, `composer`, `cargo`               | Las dependencias de las dependencias directas (también conocidas como sub-dependencias, o dependencias transitorias).                               |
+  | `all`                | Todas                                               | Todas las dependencias definidas explícitamente. Para `bundler`, `pip`, `composer`, `cargo`, también las dependencias de las dependencias directas. |
+  | `production`         | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Solo las dependencias en el "Grupo de dependencias de producción".                                                                                  |
+  | `development`        | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Únicamente las dependencias en el "Grupo de dependencias de desarrollo".                                                                            |
+
+```yaml
+# Use `allow` to specify which dependencies to maintain
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      # Allow updates for Lodash
+      - dependency-name: "lodash"
+      # Allow updates for React and any packages starting "react"
+      - dependency-name: "react*"
+
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      # Allow both direct and indirect updates for all packages
+      - dependency-type: "all"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      # Allow only direct updates for
+      # Django and any packages starting "django"
+      - dependency-name: "django*"
+        dependency-type: "direct"
+      # Allow only production updates for Sphinx
+      - dependency-name: "sphinx"
+        dependency-type: "production"
+```
+
+### `asignatarios`
+
+Utiliza `assignees` para especificar a los asignados individuales para todas las solicitudes de extracción levantadas para un administrador de paquete.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Specify assignees for pull requests
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Add assignees
+    assignees:
+      - "octocat"
+```
+
+### `commit-message`
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} intenta detectar tus preferencias de mensajes de confirmación y utiliza patrones similares. Utiliza la opción`commit-message` para especificar tus preferencias explícitamente.
+
+Opciones compatibles
+
+- `prefix` especifica un prefijo para todos los mensajes de confirmación.
+- `prefix-development` especifica un prefijo separado para todos los mensajes de confirmación que actualizan dependencias en el grupo de dependencias de desarrollo. Cuando especificas un valor para esta opción, `prefix` se utiliza únicamente para las actualizaciones a las dependencias en el grupo de dependencias de producción. Esto es compatible con: `bundler`, `composer`, `mix`, `maven`, `npm`, y `pip`.
+- `include: "scope"` especifica que cualquier prefijo es sucedido por una lista de dependencias actualizadas en la confirmación.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Customize commit messages
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "npm"
+      prefix: "npm"
+
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Prefix all commit messages with "Composer"
+    # include a list of updated dependencies
+    commit-message:
+      prefix: "Composer"
+      include: "scope"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Include a list of updated dependencies
+    # with a prefix determined by the dependency group
+    commit-message:
+      prefix: "pip prod"
+      prefix-development: "pip dev"
+      include: "scope"
+```
+
+### `ignore`
+
+{% data reusables.dependabot.default-dependencies-allow-ignore %}
+
+Las dependencias pueden ignorarse ya sea agregándolas a `ignore` o utilizando el comando `@dependabot ignore` en una solicitud de cambios que haya abierto el {% data variables.product.prodname_dependabot %}.
+
+#### Crear condiciones de `ignore` desde `@dependabot ignore`
+
+Las dependencias que se ignoran utilizando el comando `@dependabot ignore` se almacenan centralmente para cada administrador de paquete. Si comienzas a ignorar las dependencias en el archivo `dependabot.yml`, estas preferencias existentes se consideran junto con las dependencias de `ignore` en la configuración.
+
+Puedes verificar si un repositorio tiene preferencias de `ignore` almacenadas si buscas `"@dependabot ignore" in:comments` en este. Si quieres dejar de ignorar una dependencia que se haya ignorado de esta forma, vuelve a abrir la solicitud de cambios.
+
+Para obtener más información acerca de los comandos de `@dependabot ignore`, consulta la sección "[Administrar las solicitudes de extracción para las actualizaciones de dependencias](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)".
+
+#### Especificar dependencias y versiones para ignorar
+
+Puedes utilizar la opción `ignore` para personalizar qué dependencias se actualizarán. La opción `ignore` es compatible con las siguientes opciones.
+
+- `dependency-name`—se utiliza para ignorar actualizaciones para las dependencias con nombres coincidentes, opcionalmente, utiliza `*` para empatar cero o más caracteres. Para las dependencias de Java, el formato del atributo `dependency-name` es: `groupId:artifactId` (por ejemplo: `org.kohsuke:github-api`).
+- `versions`—se utiliza para ignorar versiones o rangos específicos de las versiones. Si quieres definir un rango, utiliza el patrón estándar del administrador de paquetes (por ejemplo: `^1.0.0` para npm, o `~> 2.0` para Bundler).
+- `update-types`—Se utiliza para ignorar tipos de actualizaciones tales como las de tipo `major`, `minor`, o `patch` en actualizaciones de versión (por ejemplo: `version-update:semver-patch` ignorará las actualizaciones de parche). Puedes combinar esto con `dependency-name: "*"` para ignorar algún `update-types` en particular en todas las dependencias. Actualmente, `version-update:semver-major`, `version-update:semver-minor`, y `version-update:semver-patch` son las únicas opciones compatibles. Este ajuste no afectará a las actualizaciones de seguridad.
+
+Si las `versions` y los `update-types` se utilizan juntos, el {% data variables.product.prodname_dependabot %} ignorará todas las actualizaciones en cualquiera que se configure.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Use `ignore` to specify dependencies that should not be updated 
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "express"
+        # For Express, ignore all updates for version 4 and 5
+        versions: ["4.x", "5.x"]
+        # For Lodash, ignore all updates
+      - dependency-name: "lodash"
+        # For AWS SDK, ignore all patch updates
+      - dependency-name: "aws-sdk"
+        update-types: ["version-update:semver-patch"]
+```
+
+{% note %}
+
+**Nota**: El {% data variables.product.prodname_dependabot %} solo puede ejecutar actualizaciones de versión en los archivos de bloqueo o de manifiesto si puede acceder a todas las dependencias en estos archivos, aún si agregas dependencias inaccesibles a la opción `ignore` de tu archivo de configuración. Para obtener más información, consulta las secciones "[Administrar los ajustes de seguridad y análisis de tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)" y "[Solución de errores del {% data variables.product.prodname_dependabot %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)".
+
+
+{% endnote %}
+
+### `insecure-external-code-execution`
+
+Los administradores de paquetes con los valores `bundler`, `mix`, y `pip` de `package-ecosystem` pueden ejecutar el código externo en el manifiesto como parte del proceso de actualización de la versión. Esto podría permitir que un paquete que se haya puesto en riesgo borre las credenciales u obtenga acceso a los registros configurados. Cuando agregas un ajuste de [`registries`](#registries) dentro de una configuración de `updates`, el {% data variables.product.prodname_dependabot %} prevendrá automáticamente la ejecución de código externo, en cuyo caso, la actualización de versión podría fallar. Puedes elegir ignorar este comportamiento y permitir la ejecución de código externo para los administradores de paquetes `bundler`, `mix`, y `pip` si configuras a `insecure-external-code-execution` en `allow`.
+
+Puedes negar explícitamente la ejecución de código externo, sin importar si es que hay un ajuste de `registries` para esta configuración de actualización, configurando a `insecure-external-code-execution` en `deny`.
+
+{% raw %}
+```yaml
+# Allow external code execution when updating dependencies from private registries
+
+version: 2
+registries:
+  ruby-github:
+    type: rubygems-server
+    url: https://rubygems.pkg.github.com/octocat/github_api
+    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/rubygems-server"
+    insecure-external-code-execution: allow
+    registries: "*"
+    schedule:
+      interval: "monthly"
+```
+{% endraw %}
+
+### `etiquetas`
+
+{% data reusables.dependabot.default-labels %}
+
+Utiliza `labels` para anular las etiquetas predeterminadas y especificar las etiquetas alternas para todas las solicitudes de extracción que se levante para un administrador de paquete. Si ninguna de estas etiquetas se define en el repositorio, entonces se ha ignorado. Para inhabilitar todas las etiquetas, incluyendo aquellas predeterminadas, utiliza `labels: [ ]`.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Specify labels for pull requests
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Specify labels for npm pull requests
+    labels:
+      - "npm"
+      - "dependencies"
+```
+
+### `hito`
+
+Utiliza `milestone` para asociar todas las solicitudes de extracción que se han levantado para un administrador de paquete con un hito. Necesitas especificar el identificador numérico del hito y, no así, su etiqueta. Si ves un hito, la parte final de la URL de la página, después de `milestone`, es el identificador. Por ejemplo: `https://github.com/<org>/<repo>/milestone/3`.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Specify a milestone for pull requests
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Associate pull requests with milestone "4"
+    milestone: 4
+```
+
+### `open-pull-requests-limit`
+
+Predeterminadamente, {% data variables.product.prodname_dependabot %} abre un máximo de cinco solicitudes de extracción para las actualizaciones de versión. Una vez que hayan cinco solicitudes de cambio abiertas, las solicitudes nuevas se bloquearán hasta que fusiones o cierres algunas de las sollicitudes abiertas, después de lo cual, las solicitudes de cambiso nuevas pueden abrirse en actualizaciones subsecuentes. Utiliza `open-pull-requests-limit` para cambiar este límite. Esto también proporciona una forma simple de inhabilitar temporalmente las actualizaciones de versión para un administrador de paquete.
+
+Esta opción no tiene impacto en las actualizaciones de seguridad que tienen un límite separado e interno de diez solicitudes de extracción abiertas.
+
+```yaml
+# Specify the number of open pull requests allowed
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Disable version updates for npm dependencies
+    open-pull-requests-limit: 0
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Allow up to 10 open pull requests for pip dependencies
+    open-pull-requests-limit: 10
+```
+
+### `pull-request-branch-name.separator`
+
+El {% data variables.product.prodname_dependabot %} genera una rama para cada solicitud de extracción. Cada nombre de rama incluye `dependabot`, y el administrador de paquete y la dependencia que se actualizaron. Predeterminadamente, estas partes están separadas por un símbolo de `/`, por ejemplo: `dependabot/npm_and_yarn/next_js/acorn-6.4.1`.
+
+Utiliza `pull-request-branch-name.separator` para especificar un separador diferente. Este puede ser alguno de entre: `"-"`, `_` o `/`. El símbolo de guión debe estar entre comillas porque, de lo contrario, se interpretará como que está declarando una lista YAML vacía.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Specify a different separator for branch names
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    pull-request-branch-name:
+      # Separate sections of the branch name with a hyphen
+      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
+      separator: "-"
+```
+
+### `rebase-strategy`
+
+Predeterminadamente, el{% data variables.product.prodname_dependabot %} rebasa automáticamente las solicitudes de cambios abiertas y detecta cualquier cambio en ellas. Utiliza `rebase-strategy` para inhabilitar este comportamiento.
+
+Estrategias de rebase disponibles
+
+- `disabled` para inhabilitar el rebase automático.
+- `auto` para utilizar el comportamiento predeterminado y rebasar las solicitudes de cambios abiertas cuando se detecten cambios.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Disable automatic rebasing
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Disable rebasing for npm pull requests
+    rebase-strategy: "disabled"
+```
+
+### `registries`
+
+Para permitir que el {% data variables.product.prodname_dependabot %} acceda a un registro de paquete privado cuando esté realizando una actualización de versión, debes incluir un ajuste de `registries` dentro de la configuración relevante de `updates`. Puedes permitir que se utilicen todos los registros definidos si configuras a `registries` en `"*"`. Como alternativa, puedes listar los registros que puede utilizar la actualización. Para hacerlo, utiliza el nombre del registro como se define en la sección `registries` de nivel superior en el archivo _dependabot.yml_. Para obtener más información, consulta la sección "[Opciones de configuración para los registros privados](#configuration-options-for-private-registries)" a continuación.
+
+Para permitir que el {% data variables.product.prodname_dependabot %} utilice los administradores de paquetes `bundler`, `mix`, y `pip` para actualizar dependencias en los registros privados, puedes elegir el permitir la ejecución de código externo. Para obtener más información, consulta [`insecure-external-code-execution`](#insecure-external-code-execution) anteriormente.
+
+```yaml
+# Allow {% data variables.product.prodname_dependabot %} to use one of the two defined private registries 
+# when updating dependency versions for this ecosystem
+
+{% raw %}
+version: 2
+registries:
+  maven-github:
+    type: maven-repository
+    url: https://maven.pkg.github.com/octocat
+    username: octocat
+    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
+  npm-npmjs:
+    type: npm-registry
+    url: https://registry.npmjs.org
+    username: octocat
+    password: ${{secrets.MY_NPM_PASSWORD}}
+updates:
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    registries:
+      - maven-github
+    schedule:
+      interval: "monthly"
+{% endraw %}
+```
+
+### `revisores`
+
+Utiliza `reviewers` para especificar los revisores o equipos individuales de revisores para las solicitudes de extracción que se levantaron para un administrador de paquete. Debes utilizar el nombre completo del equipo, incluyendo la organización, como si lo estuvieras @mencionando.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+```yaml
+# Specify reviewers for pull requests
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Add reviewers
+    reviewers:
+      - "octocat"
+      - "my-username"
+      - "my-org/python-team"
+```
+
+### `schedule.day`
+
+Cuando configuras una programación de actualizaciones en `weekly`, predeterminadamente, {% data variables.product.prodname_dependabot %} revisa si hay versiones nuevas los lunes en alguna hora aleatoria para el repositorio. Utiliza `schedule.day` para especificar un día alterno para revisar si hay actualizaciones.
+
+Valores compatibles
+
+- `monday`
+- `tuesday`
+- `wednesday`
+- `thursday`
+- `friday`
+- `saturday`
+- `sunday`
+
+```yaml
+# Specify the day for weekly checks
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      # Check for npm updates on Sundays
+      day: "sunday"
+```
+
+### `schedule.time`
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones en una hora aleatoria para el repositorio. Utiliza `schedule.time` para especificar una hora alterna para revisar si hay actualizaciones (formato: `hh:mm`).
+
+```yaml
+# Set a time for checks
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      # Check for npm updates at 9am UTC
+      time: "09:00"
+```
+
+### `schedule.timezone`
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones en una hora aleatoria para el repositorio. Utiliza `schedule.timezone` para especificar un huso horario alternativo. El identificador de zona debe ser tomado de la base de datos de Husos Horarios que mantiene [iana](https://www.iana.org/time-zones). Para obtener más información, consulta la [Lista de bases de datos tz para husos horarios](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
+
+```yaml
+# Specify the timezone for checks
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      # Use Japan Standard Time (UTC +09:00)
+      timezone: "Asia/Tokyo"
+```
+
+### `target-branch`
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay archivos de manifiesto en las ramas predeterminadas y levanta solicitudes de extracción para las actualizaciones de versión contra dicha rama. Utiliza `target-branch` para especificar una rama diferente para los archivos de manifiesto y para las solicitudes de extracción. Cuando utilizas esta opción, la configuración para este administrador de paquete ya no afectará ninguna solicitud de extracción que se haya levantado para las actualizaciones de seguridad.
+
+```yaml
+# Specify a non-default branch for pull requests for pip
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Raise pull requests for version updates
+    # to pip against the `develop` branch
+    target-branch: "develop"
+    # Labels on pull requests for version updates only
+    labels:
+      - "pip dependencies"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      # Check for npm updates on Sundays
+      day: "sunday"
+    # Labels on pull requests for security and version updates
+    labels:
+      - "npm dependencies"
+```
+
+### `vendor`
+
+Utiliza la opción `vendor` para indicar al {% data variables.product.prodname_dependabot %} delegar las dependencias a los proveedores cuando se actualicen. No utilices esta opción si estás usando `gomod`, ya que el {% data variables.product.prodname_dependabot %} detecta la delegación a vendedores automáticamente para esta herramienta.
+
+```yaml
+# Configure version updates for both dependencies defined in manifests and vendored dependencies
+
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    # Raise pull requests to update vendored dependencies that are checked in to the repository
+    vendor: true
+    directory: "/"
+    schedule:
+      interval: "weekly"
+```
+
+El {% data variables.product.prodname_dependabot %} solo actualiza las dependencias delegadas a proveedores que se ubiquen en directorios específicos en un repositorio.
+
+| Administración de paquetes | Ruta de archivo requerida para las dependencias delegadas                                                    | Más información                                                               |
+| -------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------- |
+| `bundler`                  | Las dependencias deben estar en el directorio _vendor/cache_.</br>Otras rutas de archivo no son compatibles. | [documentación de `bundle cache`](https://bundler.io/man/bundle-cache.1.html) |
+| `gomod`                    | No hay requisitos de ruta (las dependencias se ubican habitualmente en el directorio _vendor_)               | [documentación de `go mod vendor`](https://golang.org/ref/mod#go-mod-vendor)  |
+
+
+### `versioning-strategy`
+
+Cuando el {% data variables.product.prodname_dependabot %} edita un archivo de manifiesto para actualizar una versión, utiliza las siguientes estrategias generales:
+
+- Para las apps, los requisitos de versión se incrementan, por ejemplo: npm, pip y Composer.
+- Para las bibliotecas, el rango de versiones se amplía, por ejemplo: Bundler y Cargo.
+
+Utiliza la opción `versioning-strategy` para cambiar este comportamiento para los administradores de paquete compatibles.
+
+{% data reusables.dependabot.option-affects-security-updates %}
+
+Estrategias de actualización disponibles
+
+| Opción                  | Compatible con                                      | Acción                                                                                                                                                                  |
+| ----------------------- | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `lockfile-only`         | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Crear únicamente solicitudes de cambios para actualizar archivos de bloqueo. Ignorar cualquier versión nueva que pudiera requerir cambios en el paquete del manifiesto. |
+| `auto`                  | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Seguir la estrategia predeterminada descrita anteriormente.                                                                                                             |
+| `widen`                 | `composer`, `npm`                                   | Relajar el requisito de versión para que incluya tanto la versión nueva como la anterior, cuando sea posible.                                                           |
+| `increase`              | `bundler`, `composer`, `npm`                        | Siempre incrementar el requisito de versión para que empate con la versión nueva.                                                                                       |
+| `increase-if-necessary` | `bundler`, `composer`, `npm`                        | Incrementar el requisito de versión únicamente cuando lo requiera la versión nueva.                                                                                     |
+
+```yaml
+# Customize the manifest version strategy
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Update the npm manifest file to relax
+    # the version requirements
+    versioning-strategy: widen
+
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Increase the version requirements for Composer
+    # only when required
+    versioning-strategy: increase-if-necessary
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Only allow updates to the lockfile for pip and
+    # ignore any version updates that affect the manifest
+    versioning-strategy: lockfile-only
+```
+
+## Opciones de configuración para los registros privados
+
+La clave de nivel superior `registries` es opcional. Esta te permite especificar los detalles de autenticación que el {% data variables.product.prodname_dependabot %} puede utilizar para acceder a los registros de paquetes privados.
+
+{% note %}
+
+**Nota:** Los registros privados detras de los cortafuegos en las redes privadas no son compatibles.
+
+{% endnote %}
+
+El valor de la clave `registries` es un arreglo asociativo, del cual cada elemento consiste de una clave que identifica un registro en particular y un valor que es un arreglo asociativo que especifica la configuración que se requiere para acceder a dicho registro. El siguiente archivo de *dependabot.yml* configura un registro que se identifica como `dockerhub` en la sección de `registries` del archivo y luego lo referencia en la sección de `updates` del mismo.
+
+{% raw %}
+```yaml
+# Minimal settings to update dependencies in one private registry
+
+version: 2
+registries:
+  dockerhub: # Define access for a private registry 
+    type: docker-registry
+    url: registry.hub.docker.com
+    username: octocat
+    password: ${{secrets.DOCKERHUB_PASSWORD}}
+updates:
+  - package-ecosystem: "docker"
+    directory: "/docker-registry/dockerhub"
+    registries:
+      - dockerhub # Allow version updates for dependencies in this registry
+    schedule:
+      interval: "monthly"
+```
+{% endraw %}
+
+Utilizarás las siguientes opciones para especificar la configuración de acceso. La configuración del registro debe contener un `type` y una `url` y, habitualmente, ya sea una combinación de `username` y `password` o un `token`.
+
+| Opción&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Descripción                                                                                                                                                                                                                                                                                                                                                                   |
+|:------------------------------------------------------------------------------------------------------ |:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `type`                                                                                                 | Identifica el tipo de registro. Consulta la lista completa de tipos más adelante.                                                                                                                                                                                                                                                                                             |
+| `url`                                                                                                  | La URL a utilizar para acceder a las dependencias en el registro. El protocolo es opcional. Si no se especifica, se asumirá que es `https://`. El {% data variables.product.prodname_dependabot %} agrega o ignora las diagonales iniciales conforme sea necesario.                                                                                                           |
+| `nombre de usuario`                                                                                    | El nombre de usuario que utilizará el {% data variables.product.prodname_dependabot %} para acceder al registro.                                                                                                                                                                                                                                                              |
+| `contraseña`                                                                                           | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga la contraseña del usuario específico. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)".   |
+| `clave`                                                                                                | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga una clave de acceso para este registro. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)". |
+| `token`                                                                                                | Una referencia a un secreto del {% data variables.product.prodname_dependabot %} que contenga un token de acceso para este registro. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)".  |
+| `replaces-base`                                                                                        | Para los registros con `type: python-index`, si el valor booleano es `true`, pip resuleve las dependencias utilizando la URL especificada en vez de la URL base del Índice de Paquetes de Python (que predeterminadamente es `https://pypi.org/simple`).                                                                                                                      |
+
+
+Cada `type` de configuración requiere que proporciones ajustes en particular. Algunos tipos permiten más de una forma de conectarse. Las siguientes secciones proporcionan detalles de las configuraciones que deberías utilizar para cada `type`.
+
+### `composer-repository`
+
+El tipo `composer-repository` es compatible con nombre de usuario y contraseña.
+
+{% raw %}
+```yaml
+registries:
+  composer:
+    type: composer-repository
+    url: https://repo.packagist.com/example-company/
+    username: octocat
+    password: ${{secrets.MY_PACKAGIST_PASSWORD}}
+```
+{% endraw %}
+
+### `docker-registry`
+
+El tipo `docker-registry` es compatible con nombre de usuario y contraseña.
+
+{% raw %}
+```yaml
+registries:
+  dockerhub:
+    type: docker-registry
+    url: https://registry.hub.docker.com
+    username: octocat
+    password: ${{secrets.MY_DOCKERHUB_PASSWORD}}
+```
+{% endraw %}
+
+El tipo `docker-registry` también se puede utilizar para extraer información de Amazon ECR utilizando las credenciales estáticas de AWS.
+
+{% raw %}
+```yaml
+registries:
+  ecr-docker:
+    type: docker-registry
+    url: https://1234567890.dkr.ecr.us-east-1.amazonaws.com
+    username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}}
+    password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}}
+```
+{% endraw %}
+
+### `git`
+
+El tipo `git` es compatible con nombre de usuario y contraseña.
+
+{% raw %}
+```yaml
+registries:
+  github-octocat:
+    type: git
+    url: https://github.com
+    username: x-access-token
+    password: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
+```
+{% endraw %}
+
+### `hex-organization`
+
+El tipo `hex-organization` es compatible con organizaciones y claves.
+
+{% raw %}
+```yaml
+registries:
+  github-hex-org:
+    type: hex-organization
+    organization: github
+    key: ${{secrets.MY_HEX_ORGANIZATION_KEY}}
+```
+{% endraw %}
+
+### `maven-repository`
+
+El tipo `maven-repository` es compatible con usuario y contraseña.
+
+{% raw %}
+```yaml
+registries:
+  maven-artifactory:
+    type: maven-repository
+    url: https://artifactory.example.com
+    username: octocat
+    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
+```
+{% endraw %}
+
+### `npm-registry`
+
+El tipo `npm-registry` es compatible con nombre de usuario y contraseña, o token.
+
+Cuando utilizas un nombre de usuario y contraseña, tu token de autorización de `.npmrc` podría contener un `_password` cifrado en `base64`; sin embargo, la contraseña referenciada en tu archivo de configuración del {% data variables.product.prodname_dependabot %} podría ser la contraseña original (descifrada).
+
+{% raw %}
+```yaml
+registries:
+  npm-npmjs:
+    type: npm-registry
+    url: https://registry.npmjs.org
+    username: octocat
+    password: ${{secrets.MY_NPM_PASSWORD}}  # Must be an unencoded password
+```
+{% endraw %}
+
+{% raw %}
+```yaml
+registries:
+  npm-github:
+    type: npm-registry
+    url: https://npm.pkg.github.com
+    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
+```
+{% endraw %}
+
+### `nuget-feed`
+
+El tipo `nuget-feed` es compatible con nombre de usuario y contraseña, o token.
+
+{% raw %}
+```yaml
+registries:
+  nuget-example:
+    type: nuget-feed
+    url: https://nuget.example.com/v3/index.json
+    username: octocat@example.com
+    password: ${{secrets.MY_NUGET_PASSWORD}}
+```
+{% endraw %}
+
+{% raw %}
+```yaml
+registries:
+  nuget-azure-devops:
+    type: nuget-feed
+    url: https://pkgs.dev.azure.com/.../_packaging/My_Feed/nuget/v3/index.json
+    token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}}
+```
+{% endraw %}
+
+### `python-index`
+
+El tipo `python-index` es compatible con nombre de usuario y contraseña, o token.
+
+{% raw %}
+```yaml
+registries:
+  python-example:
+    type: python-index
+    url: https://example.com/_packaging/my-feed/pypi/example
+    username: octocat
+    password: ${{secrets.MY_BASIC_AUTH_PASSWORD}}
+    replaces-base: true
+```
+{% endraw %}
+
+{% raw %}
+```yaml
+registries:
+  python-azure:
+    type: python-index
+    url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example
+    token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}}
+    replaces-base: true
+```
+{% endraw %}
+
+### `rubygems-server`
+
+El tipo `rubygems-server` es compatible con nombre de usuario y contraseña, o token.
+
+{% raw %}
+```yaml
+registries:
+  ruby-example:
+    type: rubygems-server
+    url: https://rubygems.example.com
+    username: octocat@example.com
+    password: ${{secrets.MY_RUBYGEMS_PASSWORD}}
+```
+{% endraw %}
+
+{% raw %}
+```yaml
+registries:
+  ruby-github:
+    type: rubygems-server
+    url: https://rubygems.pkg.github.com/octocat/github_api
+    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
+```
+{% endraw %}
+
+### `terraform-registry`
+
+El tipo `terraform-registry` es comatible con un token.
+
+{% raw %}
+```yaml
+registries:
+  terraform-example:
+    type: terraform-registry
+    url: https://terraform.example.com
+    token: ${{secrets.MY_TERRAFORM_API_TOKEN}}
+```
+{% endraw %}
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md
new file mode 100644
index 000000000000..cddf88ee0945
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md
@@ -0,0 +1,142 @@
+---
+title: Configuring Dependabot version updates
+intro: 'Puedes configurar tu repositorio para que el {% data variables.product.prodname_dependabot %} actualice automáticamente los paquetes que utilizas.'
+permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.'
+redirect_from:
+  - /github/administering-a-repository/enabling-and-disabling-version-updates
+  - /code-security/supply-chain-security/enabling-and-disabling-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.2'
+type: how_to
+topics:
+  - Dependabot
+  - Version updates
+  - Repositories
+  - Dependencies
+  - Pull requests
+shortTitle: Configure version updates
+---
+
+<!--Marketing-LINK: From /features/security/software-supply-chain page "About version updates for dependencies".-->
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de las actualizaciones de versión para las dependencias
+
+Habilitarás {% data variables.product.prodname_dependabot_version_updates %} mediante la selección de un archivo de configuración de *dependabot.yml* en el directorio `.github` dentro de tu repositorio. El {% data variables.product.prodname_dependabot %} levanta entonces las solicitudes de extracción para mantener actualizadas las dependencias que configures. Para cada dependencia del administrador de paquete que quieras actualizar, debes especificar la ubicación de los archivos de manifiesto de dicho paquete, así como la periodicidad en la que quieres buscar actualizaciones para las dependencias listadas en esos archivos. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)".
+
+{% data reusables.dependabot.initial-updates %} Para obtener más información, consulta la sección "[Personalizar las actualizaciones de las dependencias](/github/administering-a-repository/customizing-dependency-updates)".
+
+{% data reusables.dependabot.private-dependencies-note %} Adicionalmente, el {% data variables.product.prodname_dependabot %} no es compatible con dependencias privadas de {% data variables.product.prodname_dotcom %} para todos los administradores de paquetes. Para obtener más información, consulta las secciones "[Acerca de las actualizaciones de versión del Dependabot](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)" y "[Soporte para idiomas de {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/github-language-support)".
+
+## Habilitar las {% data variables.product.prodname_dependabot_version_updates %}
+
+{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)."
+1. Agrega una `version`.
+1. Opcionalmente, si tienes dependencias en un registro privado, agrega una sección de `registries` que contenga los detalles de autenticación.
+1. Agrega una sección de `updates` con una entrada para cada administrador de paquetes que quieras que monitoree el {% data variables.product.prodname_dependabot %}.
+1. Para cada administrador de paquete, utiliza:
+    - `package-ecosystem` para especificar el administrador de paquetes.
+    - `directory` para especificar la ubicación del manifiesto u otros archivos de definición.
+    - `schedule.interval` para especificar qué tan a menudo se debe revisar si hay nuevas versiones.
+{% data reusables.dependabot.check-in-dependabot-yml %}
+
+### Archivo *dependabot.yml* de ejemplo
+
+El archivo de ejemplo *dependabot.yml* que se muestra a continuación actualiza dos administradores de paquetes: npm y Docker. Cuando se registra este archivo, el {% data variables.product.prodname_dependabot %} revisa los archivos de manifiesto en la rama predeterminada par ver si hay dependencias desactualizadas. Si encuentra dependencias desactualizadas, levantará solicitudes de extracción contra la rama predeterminada para actualizar estas dependencias.
+
+```yaml
+# Basic dependabot.yml file with
+# minimum configuration for two package managers
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: "/"
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: "daily"
+
+  # Enable version updates for Docker
+  - package-ecosystem: "docker"
+    # Look for a `Dockerfile` in the `root` directory
+    directory: "/"
+    # Check for updates once a week
+    schedule:
+      interval: "weekly"
+```
+
+En el ejemplo anterior, si las dependencias de Docker estuvieran muy desactualizadas, tal vez quisieras comenzar con una programación de tipo `daily` hasta que las dependencias estén bien actualizadas y, posteriormente, tomar una programación semanal.
+
+### Habilitar las actualizaciones de versión en las bifurcaciones
+
+Si quieres habilitar las actualizaciones de versión en las bifurcaciones, hay un paso extra que debes tomar. Las actualizaciones de versión no se habilitan automáticamente en las bifurcaciones cuando existe un archivo de configuración *dependabot.yml*. Esto garantiza que los dueños de la bifurcación no habiliten las actualizaciones de versión accidentalmente cuando suben cambios, incluyendo el archivo de configuración *dependabot.yml* del repositorio original.
+
+En una bifurcación, también necesitas habilitar explícitamente el {% data variables.product.prodname_dependabot %}.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.accessing-repository-graphs %}
+{% data reusables.repositories.click-dependency-graph %}
+{% data reusables.dependabot.click-dependabot-tab %}
+5. Debajo de "Habilitar el Dependabot", da clic en **Enable Dependabot**.
+
+## Revisar el estado de las actualizaciones de versión
+
+Después de que habilitas las actualizaciones de versión, se llena la pestaña del **Dependabot** en la gráfica de dependencias del repositorio. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions.
+
+![Pestaña de perspectivas de repositorio, gráfica de dependencias, pestaña de dependabot](/assets/images/help/dependabot/dependabot-tab-view.png)
+
+Para obtener más información, consulta la sección "[Listar las dependencias configuradas para las actualizaciones de versión](/github/administering-a-repository/listing-dependencies-configured-for-version-updates)".
+
+## Inhabilitar las {% data variables.product.prodname_dependabot_version_updates %}
+
+Puedes inhabilitar las actualizaciones de versión completamente si eliminas el archivo *dependabot.yml* de tu repositorio. Normalmente, tal vez quieras inhabilitar las actualizaciones temporalmente para una o más dependencias o administradores de paquete.
+
+- Administradores de paquete: inhabilítalas configurando `open-pull-requests-limit: 0` o dejando de comentar el `package-ecosystem` relevante en el archivo de configuración.
+- Dependencias específicas: inhabilítalas agregando los atributos de `ignore` para los paquetes o aplicaciones que quieras excluir de las actualizaciones.
+
+Cuando inhabilitas las dependencias, puedes utilizar comodines para empatar con un conjunto de bibliotecas relacionadas. También puedes especificar qué versiones excluir. Esto es particularmente útil si necesitas bloquear actualizaciones en una biblioteca, el trabajo pendiente para apoyar un cambio sustancial en su API, pero quieres quieres obtener cualquier arreglo de seguridad para la versión que utilices.
+
+### Ejemplo de inhabilitar las actualizaciones de versión para algunas dependencias
+
+En este archivo de *dependabot.yml* de ejemplo se incluyen ejemplos de las formas diferentes para inhabilitar las actualizaciones en algunas dependencias, mientras que se permite que otras actualizaciones continuen.
+
+```yaml
+# dependabot.yml file with updates
+# disabled for Docker and limited for npm
+
+version: 2
+updates:
+  # Configuration for Dockerfile
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      # Disable all pull requests for Docker dependencies
+    open-pull-requests-limit: 0
+
+  # Configuration for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      # Ignore updates to packages that start with 'aws'
+      # Wildcards match zero or more arbitrary characters
+      - dependency-name: "aws*"
+      # Ignore some updates to the 'express' package
+      - dependency-name: "express"
+        # Ignore only new versions for 4.x and 5.x
+        versions: ["4.x", "5.x"]
+      # For all packages, ignore all patch updates
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+```
+
+For more information about checking for existing ignore preferences, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)."
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md
new file mode 100644
index 000000000000..5e17ccc4091d
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates.md
@@ -0,0 +1,144 @@
+---
+title: Personalizar las actualizaciones de las dependencias
+intro: 'Puedes personalizar cómo el {% data variables.product.prodname_dependabot %} mantiene tus dependencias.'
+permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.'
+redirect_from:
+  - /github/administering-a-repository/customizing-dependency-updates
+  - /code-security/supply-chain-security/customizing-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Dependabot
+  - Version updates
+  - Security updates
+  - Repositories
+  - Dependencies
+  - Pull requests
+  - Vulnerabilities
+shortTitle: Pesonalizar las actualizaciones
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de personalizar las actualizaciones de las dependencias
+
+Después de que hayas habilitado la actualización de versiones, puedes personalizar como el {% data variables.product.prodname_dependabot %} mantiene tus dependencias si agregas más opciones al archivo *dependabot.yml*. Por ejemplo, podrías:
+
+- Especifica en qué día de la semana se abrirán las solicitudes de extracción para la actualización de versiones: `schedule.day`
+- Establece revisores, asignados y etiquetas para cada administrador de paquete: `reviewers`, `assignees`, y `labels`
+- Define una estrategia de versionamiento para los cambios que se realicen en cada archivo de manifiesto: `versioning-strategy`
+- Cambia la cantidad máxima de solicitudes de extracción abiertas para actualizaciones de versión del valor predeterminado que es 5: `open-pull-requests-limit`
+- Abre solicitudes de extracción para actualizaciones de versión para seleccionar una rama específica en vez de la rama predeterminada: `target-branch`
+
+For more information about the configuration options, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)."
+
+Cuando actualizas el archivo *dependabot.yml* en tu repositorio, el {% data variables.product.prodname_dependabot %} ejecuta una revisión inmediata con la nueva configuración. Verás una lista de dependencias actualizada en cuestión de minutos en la pestaña de **{% data variables.product.prodname_dependabot %}**, esto podría tomar más tiempo si el reposiorio tiene muchas dependencias. También puedes ver las solicitudes de extracción nuevas para las actualizaciones de versión. Para obtener más información, consulta la sección "[Listar dependencias configuradas para actualizaciones de versión](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)".
+
+## Impacto de los cambios de configuración en las actualizaciones de seguridad
+
+Si personalizas el archivo *dependabot.yml*, podrías notar algunos cambios en las solicitudes de extracción que se levantan para las actualizaciones de seguridad. Estas solicitudes de extracción siempre se activan mediante una asesoría de seguridad para una dependencia en vez de mediante un calendario de programación del {% data variables.product.prodname_dependabot %}. Sin embargo, estas heredan la configuración de ajustes relevante del archivo *dependabot.yml* a menos de que especifiques una rama destino diferente para las actualizaciones de versión.
+
+Por ejemplo, consulta la sección "[Configurar etiquetas personalizadas](#setting-custom-labels)" a más adelante.
+
+## Modificar la programación
+
+Cuando configuras una actualización de tipo `daily`, predeterminadamente, el {% data variables.product.prodname_dependabot %} revisa si hay nuevas versiones a las 05:00 UTC. Puedes utilizar `schedule.time` para especificar una hora alterna para que revise actualizaciones (en formato: `hh:mm`).
+
+El archivo *dependabot.yml* de ejemplo a continuación expande la configuración de npm para especificar cuándo el {% data variables.product.prodname_dependabot %} debería revisar si hay actualizaciones de versión para las dependencias.
+
+```yaml
+# dependabot.yml file with
+# customized schedule for version updates
+
+version: 2
+updates:
+  # Keep npm dependencies up to date
+  - package-ecosystem: "npm"
+    directory: "/"
+    # Check the npm registry for updates at 2am UTC
+    schedule:
+      interval: "daily"
+      time: "02:00"
+```
+
+## Configurar los revisores y asignados
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} levanta solicitudes de extracción sin ningún revisor o asignado.
+
+Puedes utilizar `reviewers` y `assignees` para especificar los revisores y asignados para todas las solicitudes de extracción que se levanten para un administrador de paquete. Cuando especificas un equipo, debes utilizar el nombre completo de éste, como si estuvieras @mencionándolo (incluyendo la organización).
+
+El ejemplo de archivo *dependabot.yml* mostrado a continuación cambia las configuraciones npm para que todas las solicitudes de extracción que se hayan abierto con actualizaciones de versión y de seguridad para npm tengan dos revisores y un asignado.
+
+```yaml
+# dependabot.yml file with
+# reviews and an assignee for all npm pull requests
+
+version: 2
+updates:
+  # Keep npm dependencies up to date
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Raise all npm pull requests with reviewers
+    reviewers:
+      - "my-org/team-name"
+      - "octocat"
+    # Raise all npm pull requests with an assignee
+    assignees:
+      - "user-name"
+```
+
+## Configurar las etiquetas personalizadas
+
+{% data reusables.dependabot.default-labels %}
+
+Puedes utilizar `labels` para anular las etiquetas predeterminadas y especificar etiquetas alternas para todas las solicitudes de extracción que se han levantado para un administrador de paquete. No puedes crear etiquetas nuevas en el archivo *dependabot.yml*, así que las etiquetas alternas ya deben existir en el repositorio.
+
+El siguiente ejemplo de archivo *dependabot.yml* cambia la configuración de npm para que las solicitudes de extracción abiertas con actualizaciones de versión y de seguridad para npm tengan etiquetas personalizadas. También cambia la configuración de Docker para revisar las actualizaciones de versión contra una rama personalizada y para levantar solicitudes de extracción con etiquetas personalizadas contra dicha rama personalizada. Los cambios en Docker no afectarán las solicitudes de extracción para actualizaciones de seguridad, ya que dichas actualizaciones de seguridad siempre se hacen contra la rama predeterminada.
+
+{% note %}
+
+**Nota:** La nueva `target-branch` deberá contener un Dockerfile para actualizar, de lo contrario, este cambio tendrá el efecto de inhabilitar las actualizaciones de versión para Docker.
+
+{% endnote %}
+
+```yaml
+# dependabot.yml file with
+# customized npm configuration
+
+version: 2
+updates:
+  # Keep npm dependencies up to date
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Raise all npm pull requests with custom labels
+    labels:
+      - "npm dependencies"
+      - "triage-board"
+
+    # Keep Docker dependencies up to date
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Raise pull requests for Docker version updates
+    # against the "develop" branch. The Docker configuration
+    # no longer affects security update pull requests.
+    target-branch: "develop"
+    # Use custom labels on pull requests for Docker version updates
+    labels:
+      - "Docker dependencies"
+      - "triage-board"
+```
+
+## Más ejemplos
+
+For more examples, see "[Configuration options for the dependabot.yml file](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)."
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md
new file mode 100644
index 000000000000..a15c2fb8c963
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/index.md
@@ -0,0 +1,26 @@
+---
+title: Keeping your dependencies updated automatically with Dependabot version updates
+intro: 'You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.'
+allowTitleToDifferFromFilename: true
+redirect_from:
+  - /github/administering-a-repository/keeping-your-dependencies-updated-automatically
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+topics:
+  - Repositories
+  - Dependabot
+  - Version updates
+  - Dependencies
+  - Pull requests
+children:
+  - /about-dependabot-version-updates
+  - /configuring-dependabot-version-updates
+  - /listing-dependencies-configured-for-version-updates
+  - /customizing-dependency-updates
+  - /configuration-options-for-the-dependabot.yml-file
+shortTitle: Actualizaciones de versión del dependabot
+---
+
diff --git a/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md
new file mode 100644
index 000000000000..b3f534f6c67a
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates.md
@@ -0,0 +1,39 @@
+---
+title: Listar dependencias configuradas para las actualizaciones de versión
+intro: 'Puedes ver las dependencias que monitorea el {% data variables.product.prodname_dependabot %} pára encontrar actualizaciones.'
+redirect_from:
+  - /github/administering-a-repository/listing-dependencies-configured-for-version-updates
+  - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Repositories
+  - Dependabot
+  - Version updates
+  - Dependencies
+shortTitle: Dependencias configuradas en la lista
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Visualizar dependencias que monitorea el {% data variables.product.prodname_dependabot %}
+
+Después de que habilites las actualizaciones de versión, puedes confirmar que tu configuración es la correcta si utilizas la pestaña de **{% data variables.product.prodname_dependabot %}** en la gráfica de dependencias para el repositorio. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.accessing-repository-graphs %}
+{% data reusables.repositories.click-dependency-graph %}
+{% data reusables.dependabot.click-dependabot-tab %}
+1. Opcionalmente, para ver los archivos que se monitorean para un administrador de paquete, da clic en el {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} asociado. ![Archivos de dependencia monitoreados](/assets/images/help/dependabot/monitored-dependency-files.png)
+
+Si no encuentras alguna dependencia, revisa los archivos de bitácora para ver los errores. En caso de que no encuentres algún administrador de paquete, revisa el archivo de configuración.
+
+## Visualizar los archivos de bitácora del {% data variables.product.prodname_dependabot %}
+
+1. En la **pestaña de {% data variables.product.prodname_dependabot %}**, da clic en **Revisado por última vez hace *TIME*** para ver el archivo de bitácora que generó el {% data variables.product.prodname_dependabot %} durante su última verificación de actualizaciones de versión. ![Ver el archivo de bitácora](/assets/images/help/dependabot/last-checked-link.png)
+2. Opcionalmente, para volver a ejecutar la revisión de versión, da clic en **Revisar si hay actualizaciones**. ![Revisar si hay actualizaciones](/assets/images/help/dependabot/check-for-updates.png)
diff --git a/translations/es-ES/content/code-security/dependabot/index.md b/translations/es-ES/content/code-security/dependabot/index.md
new file mode 100644
index 000000000000..cb1f4984f916
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/index.md
@@ -0,0 +1,23 @@
+---
+title: Keeping your supply chain secure with Dependabot
+shortTitle: Dependabot
+intro: 'Monitor vulnerabilities in dependencies used in your project{% ifversion fpt or ghec or ghes > 3.2 %} and keep your dependencies up-to-date{% endif %} with {% data variables.product.prodname_dependabot %}.'
+allowTitleToDifferFromFilename: true
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+topics:
+  - Dependabot
+  - Alerts
+  - Vulnerabilities
+  - Repositories
+  - Dependencies
+children:
+  - /dependabot-alerts
+  - /dependabot-security-updates
+  - /dependabot-version-updates
+  - /working-with-dependabot
+---
+
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
new file mode 100644
index 000000000000..3fa452941fdb
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
@@ -0,0 +1,557 @@
+---
+title: Automatizar al Dependabot con las GitHub Actions
+intro: 'Ejemplos de cómo puedes utilizar las {% data variables.product.prodname_actions %} para automatizar las tareas comunes relacionadas con el {% data variables.product.prodname_dependabot %}.'
+permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_actions %} to respond to {% data variables.product.prodname_dependabot %}-created pull requests.'
+miniTocMaxHeadingLevel: 3
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Actions
+  - Dependabot
+  - Version updates
+  - Security updates
+  - Repositories
+  - Dependencies
+  - Pull requests
+shortTitle: Utiliza el Dependabot con las acciones
+redirect_from:
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca del {% data variables.product.prodname_dependabot %} y de las {% data variables.product.prodname_actions %}
+
+El {% data variables.product.prodname_dependabot %} crea las solicitudes de cambios para mantener actualizadas tus dependencias y puedes utilizar las {% data variables.product.prodname_actions %} para llevar a cabo tareas automatizadas cuando se creen estas solicitudes de cambios. Por ejemplo, recupera artefactos adicionales, agrega etiquetas, ejecuta pruebas o modifica la solicitud de cambios de cualquier otra forma.
+
+## Responder a los eventos
+
+El {% data variables.product.prodname_dependabot %} puede activar flujos de trabajo de las {% data variables.product.prodname_actions %} en sus solicitudes de cambios y comentarios; sin embargo, algunos eventos se tratan de forma distinta.
+
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %}
+Para el caso de los flujos de trabajo que inicia el {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) y que utilizan los eventos `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment` y `deployment_status`, aplican las siguientes restricciones:
+{% endif %}
+
+- {% ifversion ghes = 3.3 %} El `GITHUB_TOKEN` tiene permisos de solo lectura, a menos de que tu adminsitrador haya eliminado las restricciones.{% else %} El `GITHUB_TOKEN` tiene permisos de solo lectura predeterminadamente.{% endif %}
+- {% ifversion ghes = 3.3 %}No se puede acceder a los secretos a menos de que tu administrador haya eliminado las restricciones.{% else %}Los secretos se llenan desde los secretos del {% data variables.product.prodname_dependabot %}. Los secretos de las {% data variables.product.prodname_actions %} no están disponibles.{% endif %}
+
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %}
+Para el caso de los flujos de trabajo que inicia el {% data variables.product.prodname_dependabot %}(`github.actor == "dependabot[bot]"`) y utilizan el evento `pull_request_target`, si {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) creó la ref base de la solicitud de cambios, entonces el `GITHUB_TOKEN` será de solo lectura y los secretos no estarán disponibles.
+{% endif %}
+
+Para obtener màs informaciòn, consulta la secciòn "[Mantener seguras tus GitHub Actions y flujos de trabajo: Prevenir solicitudes de tipo pwn](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)".
+
+{% ifversion fpt or ghec or ghes > 3.3 %}
+
+### Cambiar los permisos de `GITHUB_TOKEN`
+
+Predeterminadamente, los flujos de trabajo de las {% data variables.product.prodname_actions %} que activa el {% data variables.product.prodname_dependabot %} obtendrán un `GITHUB_TOKEN` con permisos de solo lectura. Puedes utilizar la llave de `permissions` en tu flujo de trabajo para incrementar el acceso del token:
+
+{% raw %}
+
+```yaml
+name: CI
+on: pull_request
+
+# Set the access for individual scopes, or use permissions: write-all
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+  ...
+
+jobs:
+  ...
+```
+
+{% endraw %}
+
+Para obtener màs informaciòn, consulta la secciòn "[Modificar los permisos para el GITHUB_TOKEN](/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)".
+
+### Acceder a los secretos
+
+Cuando un evento del {% data variables.product.prodname_dependabot %} activa un flujo de trabajo, los únicos secretos disponibles para dicho flujo de trabajo son los del {% data variables.product.prodname_dependabot %}. Los secretos de las {% data variables.product.prodname_actions %} no están disponibles. Por lo tanto, debes almacenar cualquier secreto que utilice un flujo de trabajo activado mediante los eventos del {% data variables.product.prodname_dependabot %} como secretos del {% data variables.product.prodname_dependabot %}. Para obtener más información, consulta la sección "[Administrar los secretos cifrados del Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)".
+
+Los secretos del {% data variables.product.prodname_dependabot %} se agregan al contexto de `secrets` y se referencian utilizando exactamente la misma sintaxis que la de los secretos para las {% data variables.product.prodname_actions %}. Para obtener más información, consulta la sección "[Secretos cifrados](/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)".
+
+Si tienes un flujo de trabajo que se activará mediante el {% data variables.product.prodname_dependabot %} y también mediante otros actores, la solución más simple es almacenar el token con los permisos requeridos en una acción y en un secreto del {% data variables.product.prodname_dependabot %} con nombres idénticos. Entonces, el flujo de trabajo puede incluir una llamada simple a estos secretos. Si el secreto del {% data variables.product.prodname_dependabot %} tiene un nombre diferente, utiliza condiciones para especificar los secretos correctos para que los utilicen los diferentes actores. Para ver ejemplos que utilizan condiciones, consulta la sección de "[Automatizaciones comunes](#common-dependabot-automations)" a continuación.
+
+Para acceder a un registro de contenedor privado en AWS con un nombre de usuario y contraseña, un flujo de trabajo deberá incluir un secreto para el `username` y la `password`. En el siguiente ejemplo, cuando el {% data variables.product.prodname_dependabot %} activa el flujo de trabajo, se utilizan los secretos del {% data variables.product.prodname_dependabot %} con los nombres `READONLY_AWS_ACCESS_KEY_ID` y `READONLY_AWS_ACCESS_KEY`. Si otro actor activa el flujo de trabajo, se utilizarán los secretos de las acciones con estos nombres.
+
+{% raw %}
+
+```yaml
+name: CI
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Login to private container registry for dependencies
+        uses: docker/login-action@v1
+        with:
+          registry: https://1234567890.dkr.ecr.us-east-1.amazonaws.com
+          username: ${{ secrets.READONLY_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.READONLY_AWS_ACCESS_KEY }}
+
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
+```
+
+{% endraw %}
+
+{% endif %}
+
+{% ifversion ghes = 3.3 %}
+
+{% note %}
+
+**Nota:** Tu administrador de sitio puede anular estas restricciones para {% data variables.product.product_location %}. Para obtener más información, consulta la sección "[Solucionar los problemas de las {% data variables.product.prodname_actions %} en tu empresa](/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise#troubleshooting-failures-when-dependabot-triggers-existing-workflows)".
+
+Si se eliminan las restricciones, cuando el {% data variables.product.prodname_dependabot %} active un flujo de trabajo, este tendrá acceso a los secretos de las {% data variables.product.prodname_actions %} y podrá utilizar el término `permissions` para incrementar el alcance predeterminado del `GITHUB_TOKEN` desde el acceso de solo lectura. Puedes ignorar los pasos específicos en las secciones de "Eventos de manejo de `pull_request`" y de "Eventos de manejo de `push`", ya que esto ya no aplica.
+
+{% endnote %}
+
+### Manejar los eventos de `pull_request`
+
+Si tu flujo de trabajo necesita acceso a los secretos o a un `GITHUB_TOKEN` con permisos de escritura, tienes dos opciones: utilizar `pull_request_target`, o utilizar dos flujos de trabajo separados. En esta sección, describiremos a detalle cómo utilizar `pull_request_target` y utilizaremos los dos siguientes flujos de trabajo en cómo "[Manejar eventos `push`](#handling-push-events)".
+
+Debajo hay un ejemplo simple de un flujo de trabajo de una `pull_request` que podría estar fallando ahora:
+
+{% raw %}
+
+```yaml
+### This workflow now has no secrets and a read-only token
+name: Dependabot Workflow
+on:
+  pull_request
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    # Always check the actor is Dependabot to prevent your workflow from failing on non-Dependabot PRs
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - uses: actions/checkout@v2
+```
+
+{% endraw %}
+
+Puedes reemplazar a `pull_request` con `pull_request_target`, el cual se utiliza para las solicitudes de cambio de las bifurcaciones y revisar explícitamente el `HEAD` de la solicitud de cambios.
+
+{% warning %}
+
+**Advertencia:** El utilizar `pull_request_target` como sustituto de `pull_request` de expone a un comportamiento inseguro. Te recomendamos utilizar el método de dos flujos de trabajo de acuerdo con lo que se describe a continuación en "[Administrar eventos `push`](#handling-push-events)".
+
+{% endwarning %}
+
+{% raw %}
+
+```yaml
+### This workflow has access to secrets and a read-write token
+name: Dependabot Workflow
+on:
+  pull_request_target
+
+permissions:
+  # Downscope as necessary, since you now have a read-write token
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # Check out the pull request HEAD
+          ref: ${{ github.event.pull_request.head.sha }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+{% endraw %}
+
+También se recomienda fuertemente que bajes el alcance de los permisos que otorgas al `GITHUB_TOKEN` para poder evitar que se fugue un token con más privilegios de lo necesario. Para obtener más información, consulta ña sección "[Permisos del `GITHUB_TOKEN`](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token)".
+
+### Manejar eventos `push`
+
+Ya que no hay un equivalente de `pull_request_target` para los eventos `push`, tendrás que utilizar dos flujos de trabajo: uno no confiable que termine cargando artefactos, el cual activará un segundo flujo de trabajo que descargará los artefactos y seguirá procesándose.
+
+El primer flujo de trabajo lleva a cabo cualquier trabajo no confiable:
+
+{% raw %}
+
+```yaml
+### This workflow doesn't have access to secrets and has a read-only token
+name: Dependabot Untrusted Workflow
+on:
+  push
+
+jobs:
+  check-dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - uses: ...
+```
+
+{% endraw %}
+
+El segundo flujo de trabajo llevará a cabo el trabajo confiable después de que el primero se complete exitosamente:
+
+{% raw %}
+
+```yaml
+### This workflow has access to secrets and a read-write token
+name: Dependabot Trusted Workflow
+on:
+  workflow_run:
+    workflows: ["Dependabot Untrusted Workflow"]
+    types:
+      - completed
+
+permissions:
+  # Downscope as necessary, since you now have a read-write token
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - uses: ...
+```
+
+{% endraw %}
+
+{% endif %}
+
+### Volver a ejecutar un flujo de trabajo manualmente
+
+También puedes volver a ejecutar un flujo de trabajo fallido del Dependabot manualmente y este seguirá ejecutándose con un token de lectura-escritura y con acceso a los secretos. Antes de volver a ejecutar los flujos de trabajo fallidos manualmente, siempre debes verificar la dependencia que se está actualizando para asegurarte de que el cambio no introduzca ningún comportamiento imprevisto o malicioso.
+
+## Automatizaciones comunes del Dependabot
+
+Aquí mostramos varios escenarios comunes que pueden automatizarse utilizando las {% data variables.product.prodname_actions %}.
+
+{% ifversion ghes = 3.3 %}
+
+{% note %}
+
+**Nota:** Si tu administrador de sitio anuló las restricciones del {% data variables.product.prodname_dependabot %} en {% data variables.product.product_location %}, puedes utilizar `pull_request` en vez de `pull_request_target` en los siguientes flujos de trabajo.
+
+{% endnote %}
+
+{% endif %}
+
+### Recuperar metadatos de una solicitud de cambios
+
+Automatizar mucho requiere saber información del contenido de la solicitud de cambios: cuál era el nombre de la dependencia, si es una dependencia productva y si es una actualización de parche menor o mayor.
+
+La acción `dependabot/fetch-metadata` te proporciona toda esta información:
+
+{% ifversion ghes = 3.3 %}
+
+{% raw %}
+
+```yaml
+name: Dependabot fetch metadata
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      # The following properties are now available:
+      #  - steps.dependabot-metadata.outputs.dependency-names
+      #  - steps.dependabot-metadata.outputs.dependency-type
+      #  - steps.dependabot-metadata.outputs.update-type      
+```
+
+{% endraw %}
+
+{% else %}
+
+{% raw %}
+
+```yaml
+name: Dependabot fetch metadata
+on: pull_request
+
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      # The following properties are now available:
+      #  - steps.metadata.outputs.dependency-names
+      #  - steps.metadata.outputs.dependency-type
+      #  - steps.metadata.outputs.update-type      
+```
+
+{% endraw %}
+
+{% endif %}
+
+Para obtener más información, consulta el repositorio [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata).
+
+### Etiquetar una solicitud de cambios
+
+Si tienes otros flujos de trabajo de automatización o clasificación que se basen en etiquetas de {% data variables.product.prodname_dotcom %}, puedes configurar una acción para asignar etiquetas con base en los metadatos proporcionados.
+
+Por ejemplo, si quieres etiquetar todas las actualizaciones de las dependencias de producción con una etiqueta:
+
+{% ifversion ghes = 3.3 %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-label
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Add a label for all production dependencies
+        if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
+        run: gh pr edit "$PR_URL" --add-label "production"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+```
+
+{% endraw %}
+
+{% else %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-label
+on: pull_request
+
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Add a label for all production dependencies
+        if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }}
+        run: gh pr edit "$PR_URL" --add-label "production"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+```
+
+{% endraw %}
+
+{% endif %}
+
+### Aprobar una solicitud de cambios
+
+Si quieres aprobar las solicitudes de cambios del Dependabot automáticamente, puedes utilizar el {% data variables.product.prodname_cli %} en un flujo de trabajo:
+
+{% ifversion ghes = 3.3 %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-approve
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+{% endraw %}
+
+{% else %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+{% endraw %}
+
+{% endif %}
+
+### Habilita la fusión automática en una solicitud de cambios
+
+Si quieres fusionar tus solicitudes de cambios automáticamente, puedes utilizar la funcionalidad de fusión automática de {% data variables.product.prodname_dotcom %}. Esto habilita a la solicitud de cambios para que se fusione cuando se cumpla con todas las pruebas y aprobaciones requeridas. Para obtener más información sobre la fusión automática, consulta la sección "[Fusionar una solicitud de cambios automáticamente](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)".
+
+Aquí tienes un ejemplo de cómo habilitar la fusión automática para todas las actualizaciones de parche en `my-dependency`:
+
+{% ifversion ghes = 3.3 %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-merge
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+{% endraw %}
+
+{% else %}
+
+{% raw %}
+
+```yaml
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+{% endraw %}
+
+{% endif %}
+
+## Solucionar los problemas de las ejecuciones de flujo de trabajo fallidas
+
+Si tu ejecución de flujo de trabajo falla, verifica lo siguiente:
+
+{% ifversion ghes = 3.3 %}
+
+- Estás ejecutando el flujo de trabajo únicamente cuando el actor adecuado lo activa.
+- Estás verificando la `ref` de tu `pull_request`.
+- No estás intentando acceder a los secretos desde un evento de `pull_request`, `pull_request_review`, `pull_request_review_comment`, o `push` activado por el Dependabot.
+- No estás intentando llevar a cabo ninguna acción de `write` desde dentro de un evento de tipo `pull_request`, `pull_request_review`, `pull_request_review_comment`, o `push` que haya activado el Dependabot.
+
+{% else %}
+
+- Estás ejecutando el flujo de trabajo únicamente cuando el actor adecuado lo activa.
+- Estás verificando la `ref` de tu `pull_request`.
+- Tus secretos están disponibles en los secretos del {% data variables.product.prodname_dependabot %}, en vez de como secretos de las {% data variables.product.prodname_actions %}.
+- Si tienes un `GITHUB_TOKEN` con los permisos correctos.
+
+{% endif %}
+
+Para obtener más información sobre cómo escribir y depurar las {% data variables.product.prodname_actions %}, consulta la sección "[Aprender sobre las Acciones de GitHub](/actions/learn-github-actions)".
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md
new file mode 100644
index 000000000000..2ff0dbc0daf9
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/index.md
@@ -0,0 +1,24 @@
+---
+title: Working with Dependabot
+shortTitle: Work with Dependabot
+intro: 'Guidance and recommendations for working with {% data variables.product.prodname_dependabot %}, such as managing pull requests raised by {% data variables.product.prodname_dependabot %}, using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_dependabot %}, and troubleshooting {% data variables.product.prodname_dependabot %} errors.'
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+topics:
+  - Repositories
+  - Dependabot
+  - Version updates
+  - Security updates
+  - Dependencies
+  - Pull requests
+children:
+  - /managing-pull-requests-for-dependency-updates
+  - /automating-dependabot-with-github-actions
+  - /keeping-your-actions-up-to-date-with-dependabot
+  - /managing-encrypted-secrets-for-dependabot
+  - /troubleshooting-the-detection-of-vulnerable-dependencies
+  - /troubleshooting-dependabot-errors
+---
+
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md
new file mode 100644
index 000000000000..15b1f0c5c38c
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md
@@ -0,0 +1,65 @@
+---
+title: Mantener tus acciones actualizadas con el Dependabot
+intro: 'Puedes utilizar el {% data variables.product.prodname_dependabot %} para mantener las acciones que utilizas actualizadas en sus versiones más recientes.'
+redirect_from:
+  - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot
+  - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot
+  - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Repositories
+  - Dependabot
+  - Version updates
+  - Actions
+shortTitle: Acciones de actualización automática
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de {% data variables.product.prodname_dependabot_version_updates %} para las acciones
+
+Las acciones a menudo se actualizan con correcciones de errores y con nuevas características para que los procesos automatizados sean más confiables, rápidos y seguros. Cundo habilitas las {% data variables.product.prodname_dependabot_version_updates %} para {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} te ayudará a asegurarte de que las referencias para las acciones en el archivo *workflow.yml* de un repositorio se mantengan actualizadas. El {% data variables.product.prodname_dependabot %} verifica la referencia de la acción para cada una de ellas en el archivo (habitualmente un número de versión o identificador de confirmación que se asocie con la acción) contra la última versión. Si alguna versión más reciente de la acción está disponible, el {% data variables.product.prodname_dependabot %} te enviará una solicitud de extracción que actualice la referencia en el archivo de flujo de trabajo a su última versión. Para obtener más información acerca de las {% data variables.product.prodname_dependabot_version_updates %}, consulta la sección "[Acerca del {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)". Para obtener más información acerca de configurar flujos de trabajo para las {% data variables.product.prodname_actions %}, consulta la sección "[Aprende sobre las {% data variables.product.prodname_actions %}](/actions/learn-github-actions)".
+
+{% data reusables.actions.workflow-runs-dependabot-note %}
+
+## Habilitar las {% data variables.product.prodname_dependabot_version_updates %} para las acciones
+
+{% data reusables.dependabot.create-dependabot-yml %}Si ya habilitaste las {% data variables.product.prodname_dependabot_version_updates %} para otros ecosistemas o administradores de paquetes, simplemente abre el archivo *dependabot.yml* existente.
+1. Especifica `"github-actions"` como el `package-ecosystem` a monitorear.
+1. Configura el `directory` como `"/"` para verificar los archivos de flujo de trabajo en `.github/workflows`.
+1. Configura un `schedule.interval` para especificar la frecuencia en la que se revisará si hay versiones nuevas.
+{% data reusables.dependabot.check-in-dependabot-yml %}Si editaste un archivo existente, guarda tus cambios.
+
+También puedes habilitar las {% data variables.product.prodname_dependabot_version_updates %} en las bifurcaciones. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)."
+
+### Archivo de ejemplo de *dependabot.yml* para {% data variables.product.prodname_actions %}
+
+El siguiente ejemplo de archivo de *dependabot.yml* configura las actualizaciones de versión para {% data variables.product.prodname_actions %}. El `directory` debe configurarse como `"/"` para verificar los archivos de flujo de trabajo en `.github/workflows`. El `schedule.interval` se configura en `"daily"`. Después de que se verifique o actualice este archivo, el {% data variables.product.prodname_dependabot %} revisará si hay versiones nuevas de tus acciones. El {% data variables.product.prodname_dependabot %} levantará solicitudes de extracción para las actualizaciones de versión de cualquier acción desactualizada que encuentre. Después de las actualizaciones de versión iniciales, el {% data variables.product.prodname_dependabot %} seguirá buscando versiones desactualizadas para las acciones una vez por día.
+
+```yaml
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
+```
+
+## Configurar las {% data variables.product.prodname_dependabot_version_updates %} para las acciones
+
+Cuando habilitas las {% data variables.product.prodname_dependabot_version_updates %} para las acciones, debes especificar los valores de `package-ecosystem`, `directory`, y `schedule.interval`. Hay muchas más propiedades opcionales que puedes configurar para personalizar tus actualizaciones de versión aún más. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates)."
+
+## Leer más
+
+- "[Acerca de GitHub Actions](/actions/getting-started-with-github-actions/about-github-actions)"
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md
new file mode 100644
index 000000000000..a1e096878116
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot.md
@@ -0,0 +1,91 @@
+---
+title: Administrar los secretos cifrados para el Dependabot
+intro: 'Puedes almacenar la información sensible, como las contraseñas y tokens de acceso, como secretos cifrados y luego referenciarlos en el archivo de configuración del {% data variables.product.prodname_dependabot %}.'
+redirect_from:
+  - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot
+  - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Dependabot
+  - Version updates
+  - Secret store
+  - Repositories
+  - Dependencies
+shortTitle: Administrar los secretos cifrados
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+
+## Acerca de los secretos cifrados para los {% data variables.product.prodname_dependabot %}
+
+Los secretos del {% data variables.product.prodname_dependabot %} son credenciales cifradas que creas ya sea a nivel de la organización o del repositorio.
+Cuando agregas un secreto a nivel de la organización, puedes especificar qué repositorios pueden acceder a éste. Puedes utilizar secretos para permitir que el {% data variables.product.prodname_dependabot %} actualice las dependencias que se ubiquen en los registros del paquete. Cuando agregas un secreto que está cifrado antes de llegar a {% data variables.product.prodname_dotcom %} y permanece cifrado hasta que lo utiliza el {% data variables.product.prodname_dependabot %} para acceder a un registro de paquetes privado.
+
+Después de que agregas un secreto del {% data variables.product.prodname_dependabot %}, puedes referenciarlo en el archivo de configuración _dependabot.yml_ de esta forma: {% raw %}`${{secrets.NAME}}`{% endraw %}, en donde "NAME" es el nombre que eliges para el secreto. Por ejemplo:
+
+{% raw %}
+```yaml
+password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
+```
+{% endraw %}
+
+For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)."
+
+### Nombrar tus secretos
+
+El nombre de un secreto del {% data variables.product.prodname_dependabot %}:
+* Solo puede contener caracteres alfanuméricos (`[A-Z]`, `[0-9]`) o guiones bajos (`_`). No se permiten espacios. Si escribes en minúscula, se cambiará todo a mayúsculas.
+* No puede iniciar con el prefijo `GITHUB_`.
+* No puede iniciar con un número.
+
+## Agregar un secreto de repositorio para el {% data variables.product.prodname_dependabot %}
+
+{% data reusables.actions.permissions-statement-secrets-repository %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.actions.sidebar-secret %}
+{% data reusables.dependabot.dependabot-secrets-button %}
+1. Da clic en **Secreto de repositorio nuevo**.
+1. Teclea un nombre para tu secreto en el cuadro de entrada **Name**.
+1. Ingresa el valor de tu secreto.
+1. Haz clic en **Agregar secreto** (Agregar secreto).
+
+   El nombre del secreto se lista en la página de secretos del Dependabot. Puedes hacer clic en **Actualizar** para cambiar el valor del secreto. Puedes hacer clic en **Eliminar** para borrar el secreto.
+
+   ![Actualizar o eliminar un secreto del repositorio](/assets/images/help/dependabot/update-remove-repo-secret.png)
+
+## Agregar un secreto de organización para el {% data variables.product.prodname_dependabot %}
+
+Cuando creas un secreto en una organización, puedes utilizar una política para limitar el acceso de los repositorios a este. Por ejemplo, puedes otorgar acceso a todos los repositorios, o limitarlo a solo los repositorios privados o a una lista específica de estos.
+
+{% data reusables.actions.permissions-statement-secrets-organization %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.actions.sidebar-secret %}
+{% data reusables.dependabot.dependabot-secrets-button %}
+1. Da clic en **Secreto de organización nuevo**.
+1. Teclea un nombre para tu secreto en el cuadro de entrada **Name**.
+1. Ingresa el **Valor** para tu secreto.
+1. Desde la lista desplegable **Acceso de los repositorios**, elige una política de acceso.
+1. Si eliges **Repositorios seleccionados**:
+
+   * Da clic en {% octicon "gear" aria-label="The Gear icon" %}.
+   * Elige los repositorios que pueden acceder a este secreto. ![Selecciona los repositorios para este secreto](/assets/images/help/dependabot/secret-repository-access.png)
+   * Haz clic en **Actualizar selección**.
+
+1. Haz clic en **Agregar secreto** (Agregar secreto).
+
+   El nombre del secreto se lista en la página de secretos del Dependabot. Puedes hacer clic en **Actualizar** para cambiar el valor del secreto o su política de acceso. Puedes hacer clic en **Eliminar** para borrar el secreto.
+
+   ![Actualiza o elimina un secreto de organización](/assets/images/help/dependabot/update-remove-org-secret.png)
+
+## Agregar al {% data variables.product.prodname_dependabot %} a tu lista de direcciones IP permitidas de tus registros
+
+Si tu registro privado se configura con una lista de direcciones IP permitidas, puedes encontrar las direcciones IP que utiliza el {% data variables.product.prodname_dependabot %} para acceder al registro en la terminal API del meta, bajo la clave `dependabot`. Para obtener más información, consulta la sección "[Meta](/rest/reference/meta)".
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md
new file mode 100644
index 000000000000..2d6833e15f7b
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md
@@ -0,0 +1,66 @@
+---
+title: Administrar las solicitudes de extracción para las actualizaciones de dependencia
+intro: 'Administrarás las solicitudes de extracción que levante el {% data variables.product.prodname_dependabot %} de casi la misma forma que cualquier otra solicitud de extracción, pero hay algunas opciones adicionales.'
+redirect_from:
+  - /github/administering-a-repository/managing-pull-requests-for-dependency-updates
+  - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.2'
+type: how_to
+topics:
+  - Repositories
+  - Version updates
+  - Security updates
+  - Pull requests
+  - Dependencies
+  - Vulnerabilities
+shortTitle: Administrar las solicitudes de cambios del Dependabot
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de las solicitudes de extracción del {% data variables.product.prodname_dependabot %}
+
+{% data reusables.dependabot.pull-request-introduction %}
+
+Cuando el {% data variables.product.prodname_dependabot %} levanta una solicitud de extracción, se te notificará con el método que hayas escogido para el repositorio. Cada solicitud de cambios contiene información detallada sobre el cambio propusto, que se toma del administrador de paquetes. Estas solicitudes de extracción siguen las revisiones y pruebas normales que se definieron en tu repositorio.
+{% ifversion fpt or ghec %}Adicionalmente, cuando haya suficiente información disponible, verás una puntuación de compatibilidad. Esto también podría ayudarte a decidir si quieres fusionar el cambio o no. Para obtener información sobre esta puntuación, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".{% endif %}
+
+Si tienes muchas dependencias para administrar, tal vez quieras personalizar la configuración para cada administrador de paquete y que así, las solicitudes de extracción tengan revisores, asignados, y etiquetas específicos. Para obtener más información, consulta la sección "[Personalizar actualizaciones de dependencias](/github/administering-a-repository/customizing-dependency-updates)".
+
+## Visualizar las solicitudes de extracción del {% data variables.product.prodname_dependabot %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-pr %}
+1. Cualquier solicitud de cambio de actualizaciones de versión o de seguridad se puede identificar fácilmente.
+    - El autor es {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, la cuenta bot que utiliza el {% data variables.product.prodname_dependabot %}.
+    - Predeterminadamente, tienen la etiqueta `dependencies`.
+
+## Cambiar la estrategia de rebase para las solicitudes de extracción del {% data variables.product.prodname_dependabot %}
+
+Predeterminadamente, el {% data variables.product.prodname_dependabot %} rebasa automáticamente las solicitudes de extracción para resolver cualquier conflicto. Si prefieres manejar los conflictos de fusión manualmente, puedes inhabilitar esta opción utilizando la opción de `rebase-strategy`. For details, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)."
+
+## Administrar las solicitudes de extracción del {% data variables.product.prodname_dependabot %} con comandos de comentario
+
+El {% data variables.product.prodname_dependabot %} responde a comandos simples en los comentarios. Cada solicitud de cambios contiene detalles de los comandos que puedes utilizar para procesarla (por ejemplo: para fusionarla, combinarla, reabrirla, cerrarla o rebasarla) bajo la sección de "comandos y opciones del {% data variables.product.prodname_dependabot %}". El objetivo es facilitar tanto como sea posible el que se pueda clasificar automáticamente las solicitudes de extracción generadas.
+
+Puedes utilizar cualquiera de los siguientes comandos en una solicitud de cambios del {% data variables.product.prodname_dependabot %}.
+
+- `@dependabot cancel merge` cancela una fusión previamente solicitada.
+- `@dependabot close` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} vuelva a crearla. Puedes lograr el mismo resultado si cierras la solicitud de cambios manualmente.
+- `@dependabot ignore this dependency` cierra la solicitud de cambios y previene que {% data variables.product.prodname_dependabot %} cree más solicitudes de cambios para esta dependencia (a menos de que vuelvas a abrir la solicitud de cambios para mejorarla a la versión sugerida de la dependencia tú mismo).
+- `@dependabot ignore this major version` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} cree más solicitudes de cambio para esta versión mayor (a menos de que vuelvas a abrir la solicitud de cambios o de que tú mismo mejores a esta versión mayor).
+- `@dependabot ignore this minor version` cierra la solicitud de cambios y previene que el {% data variables.product.prodname_dependabot %} cree más solicitudes de cambio para esta versión menor (a menos de que vuelvas a abrir la solicitud de cambios o que tú mismo mejores a esta versión menor).
+- `@dependabot merge` fusiona la solicitud de cambios una vez que tus pruebas de IC hayan pasado.
+- `@dependabot rebase` rebasa la solicitud de cambios.
+- `@dependabot recreate` vuelve a crear la solicitud de cambios, sobreescribiendo cualquier edición que se le haya hecho.
+- `@dependabot reopen` vuelve a abrir la solicitud de cambios si es que se había cerrado.
+- `@dependabot squash and merge` combina y fusiona la solicitud de cambios una vez que hayan pasado tus pruebas de IC.
+
+El {% data variables.product.prodname_dependabot %} reaccionará con un emoji de "pulgares arriba" para reconocer el comando y podrá responder con un comentario de la solicitud de cambios. Si bien el {% data variables.product.prodname_dependabot %} a menudo responde rápidamente, algunos comandos podrían tardar varios minutos para completarse si el {% data variables.product.prodname_dependabot %} está ocupado procesando otras actualizaciones o comandos.
+
+Si ejecutas cualquiera de los comandos para ignorar las dependencias o las versiones, el {% data variables.product.prodname_dependabot %} almacena las preferencias para el repositorio centralmente. Si bien esta es una solución rápida, para aquellos repositorios con más de un colaborador, es mejor definir explícitamente las dependencias y versiones a ignorar en el archivo de configuración. Esto hace que todos los colaboradores puedan ver más fácilmente por qué una dependencia en particular no se está actualizando automáticamente. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)."
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md
new file mode 100644
index 000000000000..0566e72e6bb2
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md
@@ -0,0 +1,129 @@
+---
+title: Solucionar problemas de los errores del Dependabot
+intro: 'Algunas veces, el {% data variables.product.prodname_dependabot %} no puede levantar solicitudes de cambios para actualizar tus dependencias. Puedes revisar el error y desbloquear al {% data variables.product.prodname_dependabot %}.'
+shortTitle: Solución de errores
+redirect_from:
+  - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors
+  - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors
+  - /code-security/supply-chain-security/troubleshooting-dependabot-errors
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.2'
+type: how_to
+topics:
+  - Dependabot
+  - Security updates
+  - Version updates
+  - Repositories
+  - Pull requests
+  - Troubleshooting
+  - Errors
+  - Dependencies
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+
+{% data reusables.dependabot.enterprise-enable-dependabot %}
+
+## Acerca de los errores del {% data variables.product.prodname_dependabot %}
+
+{% data reusables.dependabot.pull-request-introduction %}
+
+Si existe algo que impida que el {% data variables.product.prodname_dependabot %} levante una solicitud de cambios, esto se reporta como un error.
+
+## Investigar los errores de las {% data variables.product.prodname_dependabot_security_updates %}
+
+Cuando se bloquea al {% data variables.product.prodname_dependabot %} y no puede crear una solicitud de cambios para arreglar una alerta del {% data variables.product.prodname_dependabot %}, éste publica el mensaje de error en la alerta. La vista de {% data variables.product.prodname_dependabot_alerts %} muestra una lista de cualquier alerta que aún no se haya resuelto. Para acceder a la vista de alertas, da clic en **{% data variables.product.prodname_dependabot_alerts %}** en la pestaña de **Seguridad** del repositorio. Donde sea que se genere una solicitud de cambios que arregle una dependencia vulnerable, la alerta incluirá un enlace a dicha solicitud.
+
+![Vista de las {% data variables.product.prodname_dependabot_alerts %} que muestra un enlace a una solicitud de cambios](/assets/images/help/dependabot/dependabot-alert-pr-link.png)
+
+Hay tres razones por las cuales una alerta pudiera no tener un enlace a una solicitud de cambios:
+
+1. No se han habilitado las {% data variables.product.prodname_dependabot_security_updates %} en el repositorio.
+1. La alerta es para una dependencia transitoria o indirecta que no se definió explícitamente en un archivo de bloqueo.
+1. Un error bloqueó al {% data variables.product.prodname_dependabot %} y éste no puede crear una solicitud de cambios.
+
+Si existe un error que bloqueó al {% data variables.product.prodname_dependabot %} y éste no puede crear una solicitud de cambios, puedes mostrar los detalles del error si das clic en la alerta.
+
+## Investigar los errores de las {% data variables.product.prodname_dependabot_version_updates %}
+
+Cuando el {% data variables.product.prodname_dependabot %} se bloquea y no puede crear una solicitud de cambios para actualizar una dependencia en un ecosistema, éste publica el icono de error en el archivo de manifiesto. Los archivos de manifiesto que administra el {% data variables.product.prodname_dependabot %} se listan en la pestaña de {% data variables.product.prodname_dependabot %}. Para acceder a esta pestaña, en la pestaña de **perspectivas** del repositorio, da clic en **Gráfica de dependencias**, y luego en la pestaña **{% data variables.product.prodname_dependabot %}**.
+
+![vista del {% data variables.product.prodname_dependabot %} que muestra un error](/assets/images/help/dependabot/dependabot-tab-view-error.png)
+
+{% ifversion fpt or ghec %}
+
+Para ver el archivo de bitácora de cualquier archivo de manifiesto, da clic en el enlace de **Última revisión hace TIEMPO**. Cuando muestras el archivo de bitácora de un manifiesto que se muestra con un símbolo de error (por ejemplo, Maven en la impresión de pantalla anterior), cualquier error se mostrará también.
+
+![Error y bitácora de una actualizacón de versión del {% data variables.product.prodname_dependabot %} ](/assets/images/help/dependabot/dependabot-version-update-error.png)
+
+{% else %}
+
+Para ver las bitácoras de cualquier archivo de manifiesto, haz clic en el enlace de **Verificado por última vez HACE** y luego en **Ver bitácoras**.
+
+![Error y bitácora de una actualizacón de versión del {% data variables.product.prodname_dependabot %} ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png)
+
+{% endif %}
+
+## Entender los errores del {% data variables.product.prodname_dependabot %}
+
+Las solicitudes de cambios para las actualizaciones de seguridad actúan para mejorar una dependencia vulnerable a la versión mínima que incluya un arreglo de la vulnerabilidad. Por el contrario, las solicitudes de cambios para las actualizaciones de versión actúan para mejorar una dependencia a la última versión que permite el paquete de archivos de manifiesto y de configuración del {% data variables.product.prodname_dependabot %}. Como consecuencia, algunos errores son específicos de un tipo de actualización.
+
+### El {% data variables.product.prodname_dependabot %} no puede actualizar la DEPENDENCIA a una versión no-vulnerable
+
+**Únicamente actualizaciones de seguridad.** El {% data variables.product.prodname_dependabot %} no puede crear una solicitud de cambios para actualizar la dependencia vulnerable a una versión segura sin afectar otras dependencias en la gráfica de dependencias de este repositorio.
+
+Cada aplicación que tenga dependencias tiene una gráfica de dependencias, esto es, una gráfica acíclica dirigida de cada versión de paquete de la cual depende la aplicación directa o indirectamente. Cada vez que se actualiza una dependencia, esta gráfica debe resolverse o la aplicación no se compilará. Cuando un ecosistema tiene una gráfica de dependencias profunda y compleja, por ejemplo, npm y RubyGems, es a menudo imposible mejorar una sola dependencia sin mejorar todo el ecosistema.
+
+La mejor forma de evitar este problema es mantenerse actualizado con los lanzamientos de versiones más recientes, por ejemplo, habilitando las actualizaciones de versión. Esto aumenta la probabilidad de que una vulnerabilidad en alguna dependencia pueda resolverse con una mejora simple que no afecte la gráfica de dependencias. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+
+### El {% data variables.product.prodname_dependabot %} no puede actualizar a la versión requerida porque ya existe una solicitud de cambios abierta para la última versión
+
+**Únicamente actualizaciones de seguridad.** El {% data variables.product.prodname_dependabot %}no creará una solicitud de cambios para actualizar la dependencia vulnerable a una versión segura porque ya existe una solicitud de cambios abierta para actualizar dicha dependencia. Verás éste error cuando se detecte una vulnerabilidad en una dependencia específica y ya exista una solicitud de cambios abierta para actualizar dicha dependencia a la última versión disponible.
+
+Existen dos opciones: puedes revisar la solicitud de cambios abierta y fusionarla tan pronto como puedas garantizar que el cambio es seguro, o cerrar la solicitud de cambios y activar una solicitud nueva de actualización de seguridad. Para obtener más información, consulta la sección "[Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente](#triggering-a-dependabot-pull-request-manually)".
+
+### El {% data variables.product.prodname_dependabot %} agotó el tiempo de espera durante su actualización
+
+El {% data variables.product.prodname_dependabot %} tardó más del límite de tiempo máximo permitido para valorar la actualización requerida y preparar una solicitud de cambios. Este error a menudo se ve únicamente en los repositorios grandes con muchos archivos de manifiesto, por ejemplo, en los proyectos de npm o yarn monorepo, que tienen cientos de archivos *package.json*. Las actualizaciones en el ecosistema de Composer también llevan más tiempo para su valoración y podrían exceder el tiempo de espera.
+
+Es difícil tratar a este error. Si una actualización de versión excede el tiempo de espera, podrías especificar las dependencias más importantes a actualizar utilizando el parámetro `allow` o, como alternativa, utilizar el parámetro `ignore` para excluir algunas de las dependencias de estas actualizaciones. El actualizar tu configuración podría permitir que el {% data variables.product.prodname_dependabot %} revise la actualización de versión y genere la solicitud de cambios en el tiempo disponible.
+
+Si una actualización de seguridad excede el tiempo de espera, puedes reducir la probabilidad de que esto suceda si mantienes las dependencias actualizadas, por ejemplo, habilitando las actualizaciones de versión. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+
+### El {% data variables.product.prodname_dependabot %} no puede abrir más solicitudes de cambios
+
+Hay un límite en la cantidad de solicitudes de cambios abiertas que el {% data variables.product.prodname_dependabot %} puede generar. Cuando se llega a éste límite, no se podrán abrir más solicitudes de cambios y se reportará este error. La mejor forma de resolver este error es revisar y fusionar algunas de las solicitudes de cambios abiertas.
+
+Hay límites separados para las solicitudes de cambios de actualización de seguridad y de versión, y esto es para que aquellas de actualización de versión no bloqueen la creación de las de actualización de seguridad. El límite para las solicitudes de cambios de actualizaciones de seguridad es de 10. Predeterminadamente, el límite para las actualizaciones de versión es de 5, pero puedes cambiar ésto utilizando el parámetro `open-pull-requests-limit` en el archivo de configuración. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)."
+
+La mejor forma de resolver este error es fusionar o cerrar algunas de las solicitudes de cambios existentes y activar una solicitud de cambios nueva manualmente. Para obtener más información, consulta la sección "[Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente](#triggering-a-dependabot-pull-request-manually)".
+
+### El {% data variables.product.prodname_dependabot %} no puede resolver o acceder a tus dependencias
+
+Si el {% data variables.product.prodname_dependabot %} intenta verificar si las referencias de la dependencia necesitan actualizarse en un repositorio, pero no puede acceder a uno o más de los archivos referenciados, la operación fallará con el mensaje de error "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files". El tipo de error de la API es `git_dependencies_not_reachable`.
+
+De forma similar, si el {% data variables.product.prodname_dependabot %} no puede acceder a un registro de un paquete privado en el cual se ubica la dependencia, se generará alguno de los siguientes errores:
+
+*   "El dependabot no puede llegar a la dependencia en un registro de paquete privado"<br> (Tipo de error de la API: `private_source_not_reachable`)
+*   "El Dependabot no puede autenticarse en un registro de paquete privado"<br> (Tipo de error de la API:`private_source_authentication_failure`)
+*   "El Dependabot llegó al límite de tiempo de espera para un registro de paquete privado"<br> (Tipo de error de la API:`private_source_timed_out`)
+*   "El Dependabot no pudo validar el certificado para un registro de paquete privado"<br> (Tipo de error de la API:`private_source_certificate_failure`)
+
+Para permitir añ {% data variables.product.prodname_dependabot %} actualizar las referencias de dependencia exitosamente, asegúrate que todas las dependencias referencias se hospeden en ubicaciones accesibles.
+
+**Únicamente actualizaciones de versión** {% data reusables.dependabot.private-dependencies-note %} Adicionalmente, el {% data variables.product.prodname_dependabot %} no es compatible con dependencias de {% data variables.product.prodname_dotcom %} privadas para todos los administradores de paquetes. Para obtener más información, consulta la sección "[Acerca de las actualizaciones de versión del Dependabot](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)".
+
+## Activar una solicitud de cambios del {% data variables.product.prodname_dependabot %} manualmente
+
+Si desbloqueas al {% data variables.product.prodname_dependabot %}, puedes activar manualmente un nuevo intento de crear una solicitud de cambios.
+
+- **Actualizaciones de seguridad**—muestra la alerta del {% data variables.product.prodname_dependabot %} que presente el error que arreglaste y da clic en **Crear una actualización de seguridad del {% data variables.product.prodname_dependabot %}**.
+- **Actualizaciones de versión**—en la pestaña de **Perspectivas** del repositorio, da clic en **Gráfica de dependencias** y luego en la pestaña de **Dependabot**. Da clic en **Verificado hace *TIME*** para ver el archivo de bitácora que generó el {% data variables.product.prodname_dependabot %} durante la última verificación de actualizaciones de versión. Da clic en **Verificar actualizaciones**.
+
+## Leer más
+
+- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"
+- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"
diff --git a/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md
new file mode 100644
index 000000000000..f74b6351805c
--- /dev/null
+++ b/translations/es-ES/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md
@@ -0,0 +1,93 @@
+---
+title: Solucionar problemas en la detección de dependencias vulnerables
+intro: 'Si la información de la dependencia que reportó {% data variables.product.product_name %} no es lo que esperabas, hay varios puntos a considerar y varias cosas que puedes revisar.'
+shortTitle: Troubleshoot vulnerability detection
+redirect_from:
+  - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies
+  - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+type: how_to
+topics:
+  - Dependabot
+  - Alerts
+  - Troubleshooting
+  - Errors
+  - Security updates
+  - Dependencies
+  - Vulnerabilities
+  - CVEs
+  - Repositories
+---
+
+{% data reusables.dependabot.beta-security-and-version-updates %}
+{% data reusables.dependabot.result-discrepancy %}
+
+## ¿Por qué parece que faltan algunas dependencias?
+
+{% data variables.product.prodname_dotcom %} genera y muestra los datos de las dependencias de forma diferente a otras herramientas. En consecuencia, si has estado utilizando otra herramienta para identificar dependencias, muy probablemente encuentres resultados diferentes. Considera lo sigueinte:
+
+*   {% data variables.product.prodname_advisory_database %} es una de las fuentes de datos que utiliza {% data variables.product.prodname_dotcom %} para identificar las dependencias vulnerables. Es una base de datos de información de vulnerabilidades orgtanizada y gratuita para los ecosistemas de paquetes comunes en {% data variables.product.prodname_dotcom %}. Esta incluye tanto los datos reportados directamente a {% data variables.product.prodname_dotcom %} desde {% data variables.product.prodname_security_advisories %}, así como las fuentes oficiales y las comunitarias. {% data variables.product.prodname_dotcom %} revisa y organiza estos datos para garantizar que la información falsa o inprocesable no se comparta con la comunidad de desarrollo. {% data reusables.security-advisory.link-browsing-advisory-db %}
+*   La gráfica de dependencias analiza todos los archivos de manifiesto de paquetes conocidos en un repositorio de usuario. Por ejemplo, para npm analizará el archivo _package-lock.json_. Construye una gráfica de todas las dependencias del repositorio y de los dependientes públicos. Esto sucede cuando habilitas la gráfica de dependencias y cuando alguien hace cargas a la rama predeterminada, y esto incluye a las confirmaciones que hacen cambios a un formato de manifiesto compatible. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)."
+*   {% data variables.product.prodname_dependabot %} escanea cualquier subida a la rama predeterminada que contenga un archivo de manifiesto. Cuando se agrega un registro de vulnerabilidad nuevo, este escanea todos los repositorios existentes y genera una alerta para cada repositorio vulnerable. Las {% data variables.product.prodname_dependabot_alerts %} se agregan a nivel del repositorio, en vez de crear una alerta por cada vulnerabilidad. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
+*   {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} se activa cuando recibes una alerta sobre una dependencia vulnerable en tu repositorio. Cuando sea posible, el {% data variables.product.prodname_dependabot %} creará una solicitud de cambios en tu repositorio para actualizar la dependencia vulnerable a la versión segura mínima posible que se requiere para evitar la vulnerabilidad. Para obtener más información, consulta las secciones "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" y "[Solucionar problemas en los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)".
+
+    {% endif %}El {% data variables.product.prodname_dependabot %} no escanea los repositorios para encontrar dependencias vulnerables en horarios específicos, sino cuando algo cambia. Por ejemplo, se activará un escaneo cuando se agregue una dependencia nueva ({% data variables.product.prodname_dotcom %} verifica esto en cada subida) o cuando se agrega una vulnerabilidad a la base de datos de las asesorías {% ifversion ghes or ghae-issue-4864 %} y se sincroniza con {% data variables.product.product_location %}{% endif %}. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)".
+
+## Do {% data variables.product.prodname_dependabot_alerts %} only relate to vulnerable dependencies in manifests and lockfiles?
+
+Las {% data variables.product.prodname_dependabot_alerts %} te asesoran sobre las dependencias que debes actualizar, incluyendo aquellas transitivas en donde la versión se puede determinar desde un manifiesto o lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}Las {% data variables.product.prodname_dependabot_security_updates %} solo sugieren un cambio donde el {% data variables.product.prodname_dependabot %} pueda "arreglar" la dependencia directamente, es decir, cuando estas son:
+* Dependencias directas declaradas explícitamente en un manifiesto o lockfile
+* Dependencias transitorias declaradas en un archivo de bloqueo{% endif %}
+
+**Verifica**; ¿Acaso no se especifica la vulnerabilidad no detectada para un componente en el manifiesto o lockfile del repositorio?
+
+## ¿Por qué no me llegan alertas de vulnerabilidades de algunos ecosistemas?
+
+{% data variables.product.prodname_dotcom %} limita su soporte para alertas de vulnerabilidades a un conjunto de ecosistemas donde podemos proporcionar datos procesables de alta calidad. Las vulnerabilidades que se seleccionan para la {% data variables.product.prodname_advisory_database %}, la gráfica de dependencias, las actualizaciones de seguridad del {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} {% endif %}y las {% data variables.product.prodname_dependabot_alerts %} se proporcionan para diversos ecosistemas, incluyendo Maven de Java, Yarn y npm de Javascript, NuGet de .NET, pip de Python, RubyGems de Ruby y Composer de PHP. Seguiremos agregando soporte para más ecosistemas a la larga. Para obtener una vista general de los ecosistemas de paquete que soportamos, consulta la sección "[Acerca del gráfico de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)".
+
+No vale de nada que las Asesorías de Seguridad de {% data variables.product.prodname_dotcom %} pudiese existir para otros ecosistemas. La información en una asesoría de seguridad la porporcionan los mantenedores de un repositorio específico. Estos datos no se organizan de la misma forma que la información para los ecosistemas compatibles. {% ifversion fpt or ghec %}Para obtener más información, consulta la sección "[Acerca de las Asesorías de Seguridad de {% data variables.product.prodname_dotcom %}](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %}
+
+**Verifica**: ¿Acaso la vulnerabilidad que no se detectó aplica a algún ecosistema no compatible?
+
+## ¿Acaso el {% data variables.product.prodname_dependabot %} genera alertas para vulnerabilidades que se han conocido por muchos años?
+
+La {% data variables.product.prodname_advisory_database %} se lanzó en noviembre de 2019 e incialmente rellenó la inclusión de vulnerabilidades informáticas para los ecosistemas compatibles, comenzando en 2017. Cuando agregas CVE a la base de datos, priorizamos la organización de CVE nuevos y los CVE que afecten las versiones nuevas del software.
+
+Alguna información sobre las vulnerabilidades antiguas se encuentra disponible, especialmente en donde estos CVE se diseminan específicamente, sin embargo, algunas vulnerabilidades no se incluyen en la {% data variables.product.prodname_advisory_database %}. Si hay una vulnerabilidad antigua específica la cual necesites incluir en la base de datos, contacta a {% data variables.contact.contact_support %}.
+
+**Verifica**: ¿Acaso la vulnerabilidad no detectada tiene una fecha depublicación más antigua de 2017 en la Base de Datos de Vulnerabilidades Nacional?
+
+## Por qué la {% data variables.product.prodname_advisory_database %} utiliza un subconjunto de datos de vulnerabilidades publicados?
+
+Algunas herramientas de terceros utilizan datos de CVE sin organizar y no las verificó ni filtró un humano. Esto significa que los CVE con errores de etiquetado o de severidad, o con cualquier problema de calidad, causarán alertas más frecuentes, ruidosas y menos útiles.
+
+Ya que {% data variables.product.prodname_dependabot %} utiliza datos organizado en la {% data variables.product.prodname_advisory_database %}, la cantidad de alertas podría ser menor, pero las alertas que sí recibas serán exactas y relevantes.
+
+{% ifversion fpt or ghec %}
+## ¿Acaso cada vulnerabilidad de la dependencia genera una alerta separada?
+
+Cuando una dependencia tiene vulnerabilidades múltiples, se genera una alerta para cada una de ellas a nivel de la asesoría más el manifiesto.
+
+![Captura de pantalla de la pestaña de {% data variables.product.prodname_dependabot_alerts %} que muestra dos alertas del mismo paquete con diferentes manifiestos.](/assets/images/help/repository/dependabot-alerts-view.png)
+
+Las {% data variables.product.prodname_dependabot_alerts %} tradicionales se agruparon en una sola alerta agregada con todas las vulnerabilidades de la misma dependencia. Si navegas a un enlace a una alerta tradicional del {% data variables.product.prodname_dependabot %}, se te redirigirá a la pestaña de {% data variables.product.prodname_dependabot_alerts %} filtrada para mostrar vulnerabilidades de ese paquete y manifiesto dependientes.
+
+![Captura de pantalla de la pestaña de {% data variables.product.prodname_dependabot_alerts %} que muestra las alertas filtradas cuando se navega desde una alerta tradicional del {% data variables.product.prodname_dependabot %}.](/assets/images/help/repository/legacy-dependabot-alerts-view.png)
+
+El conteo de {% data variables.product.prodname_dependabot_alerts %} en {% data variables.product.prodname_dotcom %} muestra el total de la cantidad de alertas, el cual es el número de vulnerabilidades y no la cantidad de dependencias.
+
+**Verifica**: Si hay alguna discrepancia en los totales que ves, verifica que no estés comparando números de alerta con números de dependencia. También, verifica que estés viendo todas las alertas y no solo un subconjunto de alertas filtradas.
+{% endif %}
+
+## Leer más
+
+- "[Acerca de las {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
+- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
+- "[Troubleshooting the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph)"{% ifversion fpt or ghec or ghes > 3.2 %}
+- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}
diff --git a/translations/es-ES/content/code-security/getting-started/github-security-features.md b/translations/es-ES/content/code-security/getting-started/github-security-features.md
index 19655b0a1854..21c6e0e3f757 100644
--- a/translations/es-ES/content/code-security/getting-started/github-security-features.md
+++ b/translations/es-ES/content/code-security/getting-started/github-security-features.md
@@ -37,7 +37,7 @@ Privately discuss and fix security vulnerabilities in your repository's code. Yo
 
 ### {% data variables.product.prodname_dependabot_alerts %} and security updates
 
-View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
+View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
 and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 {% endif %}
 
@@ -46,7 +46,7 @@ and "[About {% data variables.product.prodname_dependabot_security_updates %}](/
 
 {% data reusables.dependabot.dependabot-alerts-beta %}
 
-View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
+View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 {% endif %}
 
 {% ifversion fpt or ghec or ghes > 3.2 %}
diff --git a/translations/es-ES/content/code-security/getting-started/securing-your-organization.md b/translations/es-ES/content/code-security/getting-started/securing-your-organization.md
index bd40761fcecb..667abbef4440 100644
--- a/translations/es-ES/content/code-security/getting-started/securing-your-organization.md
+++ b/translations/es-ES/content/code-security/getting-started/securing-your-organization.md
@@ -48,7 +48,7 @@ You can create a default security policy that will display in any of your organi
 {% data reusables.dependabot.dependabot-alerts-beta %}
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
-For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
+For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
 {% endif %}
 
 {% ifversion fpt or ghes > 3.1 or ghae-issue-4864 or ghec %}
@@ -79,7 +79,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_
 
 You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)."
 
-To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
 
 {% endif %}
 
@@ -135,7 +135,7 @@ For more information, see "[Managing security and analysis settings for your org
 ## Next steps
 {% ifversion fpt or ghes > 3.1 or ghec %}You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."{% endif %}
 
-You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
 {% endif %}
diff --git a/translations/es-ES/content/code-security/getting-started/securing-your-repository.md b/translations/es-ES/content/code-security/getting-started/securing-your-repository.md
index 293eb3185b54..1073b342f8cb 100644
--- a/translations/es-ES/content/code-security/getting-started/securing-your-repository.md
+++ b/translations/es-ES/content/code-security/getting-started/securing-your-repository.md
@@ -75,7 +75,7 @@ For more information, see "[Exploring the dependencies of a repository](/code-se
 {% data reusables.dependabot.dependabot-alerts-beta %}
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
-For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}."
+For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt or ghec %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}."
 
 {% endif %}
 
@@ -111,7 +111,7 @@ For more information, see "[About {% data variables.product.prodname_dependabot_
 
 You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)."
 
-To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
+To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
 
 {% endif %}
 
@@ -132,7 +132,7 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
 {% endif %}
 
 ## Next steps
-You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% ifversion fpt or ghec or ghes > 3.2 %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
 {% endif %}
diff --git a/translations/es-ES/content/code-security/guides.md b/translations/es-ES/content/code-security/guides.md
index 5a086ef6937b..f039f78ff477 100644
--- a/translations/es-ES/content/code-security/guides.md
+++ b/translations/es-ES/content/code-security/guides.md
@@ -75,7 +75,6 @@ includeGuides:
   - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates
-  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database
   - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates
diff --git a/translations/es-ES/content/code-security/index.md b/translations/es-ES/content/code-security/index.md
index 19f3861138df..e7248afec2a2 100644
--- a/translations/es-ES/content/code-security/index.md
+++ b/translations/es-ES/content/code-security/index.md
@@ -54,6 +54,7 @@ children:
   - /code-scanning
   - /repository-security-advisories
   - /supply-chain-security
+  - /dependabot
   - /security-overview
   - /guides
 ---
diff --git a/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md b/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md
index caac5c1400cc..5f830ae10000 100644
--- a/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md
+++ b/translations/es-ES/content/code-security/security-overview/about-the-security-overview.md
@@ -28,7 +28,7 @@ shortTitle: Acerca del resumen de seguridad
 
 Puedes utilizar el resumen de seguirdad para tener una vista de nivel alto del estado de seguridad de tu organización o para identificar repositorios problemáticos que requieren intervención. You can view aggregate or repository-specific security information in the security overview. You can also use the security overview to see which security features are enabled for your repositories and to configure any available security features that are not currently in use.
 
-El resumen de seguridad indica si se encuentran habilitadas las características de {% ifversion fpt or ghes > 3.1 or ghec %}seguridad{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} para los repositorios que pertenecen a tu organización y consolida las alertas para cada característica.{% ifversion fpt or ghes > 3.1 or ghec %} Las características de seguridad incluyen aquellas de {% data variables.product.prodname_GH_advanced_security %}, como el {% data variables.product.prodname_code_scanning %} y el {% data variables.product.prodname_secret_scanning %}, así como las {% data variables.product.prodname_dependabot_alerts %}.{% endif %} Para obtener más información sobre las características de la {% data variables.product.prodname_GH_advanced_security %}, consulta la sección "[Acerca de la {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)".{% ifversion fpt or ghes > 3.1 or ghec %} Para obtener más información sobre las {% data variables.product.prodname_dependabot_alerts %}, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)".{% endif %}
+The security overview indicates whether {% ifversion fpt or ghes > 3.1 or ghec %}security{% endif %}{% ifversion ghae %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features are enabled for repositories owned by your organization and consolidates alerts for each feature.{% ifversion fpt or ghes > 3.1 or ghec %} Security features include {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, as well as {% data variables.product.prodname_dependabot_alerts %}.{% endif %} For more information about {% data variables.product.prodname_GH_advanced_security %} features, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."{% ifversion fpt or ghes > 3.1 or ghec %} For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."{% endif %}
 
 Para obtener más información sobre cómo proteger tu código a nivel de repositorio u organización, consulta las secciones "[Proteger tu repositorio](/code-security/getting-started/securing-your-repository)" y "[Proteger tu organización](/code-security/getting-started/securing-your-organization)".
 
@@ -54,7 +54,7 @@ Para cada repositorio en el resumen de seguridad, verás iconos de cada tipo de
 | ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | {% octicon "code-square" aria-label="Code scanning alerts" %} | Alertas de {% data variables.product.prodname_code_scanning_capc %}. Para obtener más información, consulta la sección "[Acerca del {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)".          |
 | {% octicon "key" aria-label="Secret scanning alerts" %}       | alertas del {% data variables.product.prodname_secret_scanning_caps %}. Para obtener más información, consulta la sección "[Acerca del {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)". |
-| {% octicon "hubot" aria-label="Dependabot alerts" %}          | {% data variables.product.prodname_dependabot_alerts %}. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)".  |
+| {% octicon "hubot" aria-label="Dependabot alerts" %}          | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."                  |
 | {% octicon "check" aria-label="Check" %}                      | La característica de seguridad se habilitó pero no levanta alertas en este repositorio.                                                                                                                                                                   |
 | {% octicon "x" aria-label="x" %}                              | La característica de seguridad no es compatible con este repositorio.                                                                                                                                                                                     |
 
diff --git a/translations/es-ES/content/code-security/supply-chain-security/index.md b/translations/es-ES/content/code-security/supply-chain-security/index.md
index d21ada7e428a..25c7cbfb6949 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/index.md
+++ b/translations/es-ES/content/code-security/supply-chain-security/index.md
@@ -16,8 +16,6 @@ topics:
   - Repositories
 children:
   - /understanding-your-software-supply-chain
-  - /keeping-your-dependencies-updated-automatically
-  - /managing-vulnerabilities-in-your-projects-dependencies
   - /end-to-end-supply-chain
 ---
 
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md
deleted file mode 100644
index 0a2e98654aee..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: About Dependabot version updates
-intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the packages you use updated to the latest versions.'
-redirect_from:
-  - /github/administering-a-repository/about-dependabot
-  - /github/administering-a-repository/about-github-dependabot
-  - /github/administering-a-repository/about-github-dependabot-version-updates
-  - /github/administering-a-repository/about-dependabot-version-updates
-  - /code-security/supply-chain-security/about-dependabot-version-updates
-  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '> 3.2'
-type: overview
-topics:
-  - Dependabot
-  - Version updates
-  - Repositories
-  - Dependencies
-  - Pull requests
-shortTitle: Dependabot version updates
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot_version_updates %}
-
-{% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on.
-
-You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. 
-
-When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
-
-If you enable _security updates_, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
-
-{% data reusables.dependabot.pull-request-security-vs-version-updates %}
-
-{% data reusables.dependabot.dependabot-tos %}
-
-## Frequency of {% data variables.product.prodname_dependabot %} pull requests
-
-You specify how often to check each ecosystem for new versions in the configuration file: daily, weekly, or monthly.
-
-{% data reusables.dependabot.initial-updates %}
-
-If you've enabled security updates, you'll sometimes see extra pull requests for security updates. These are triggered by a {% data variables.product.prodname_dependabot %} alert for a dependency on your default branch. {% data variables.product.prodname_dependabot %} automatically raises a pull request to update the vulnerable dependency.
-
-## Supported repositories and ecosystems
-<!-- If you make changes to this feature, update /getting-started-with-github/github-language-support to reflect any changes to supported repositories or ecosystems. -->
-
-You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#vendor)."
-{% note %}
-
-{% data reusables.dependabot.private-dependencies-note %} 
-
-{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below.
-
-{% endnote %}
-
-{% data reusables.dependabot.supported-package-managers %}
-
-If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."{% endif %}
-
-## About notifications for {% data variables.product.prodname_dependabot %} version updates
-
-You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md
deleted file mode 100644
index 9b97e577a9dc..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md
+++ /dev/null
@@ -1,555 +0,0 @@
----
-title: Automating Dependabot with GitHub Actions
-intro: 'Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks.'
-permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_actions %} to respond to {% data variables.product.prodname_dependabot %}-created pull requests.'
-miniTocMaxHeadingLevel: 3
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Actions
-  - Dependabot
-  - Version updates
-  - Security updates
-  - Repositories
-  - Dependencies
-  - Pull requests
-shortTitle: Use Dependabot with Actions
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_actions %}
-
-{% data variables.product.prodname_dependabot %} creates pull requests to keep your dependencies up to date, and you can use {% data variables.product.prodname_actions %} to perform automated tasks when these pull requests are created. For example, fetch additional artifacts, add labels, run tests, or otherwise modifying the pull request.
-
-## Responding to events
-
-{% data variables.product.prodname_dependabot %} is able to trigger {% data variables.product.prodname_actions %} workflows on its pull requests and comments; however, certain events are treated differently.
-
-{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %}
-For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) using the `pull_request`, `pull_request_review`, `pull_request_review_comment`, `push`, `create`, `deployment`, and `deployment_status` events, the following restrictions apply:
-{% endif %}
-
-- {% ifversion ghes = 3.3 %}`GITHUB_TOKEN` has read-only permissions, unless your administrator has removed restrictions.{% else %}`GITHUB_TOKEN` has read-only permissions by default.{% endif %}
-- {% ifversion ghes = 3.3 %}Secrets are inaccessible, unless your administrator has removed restrictions.{% else %}Secrets are populated from {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available.{% endif %}
-
-{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5792 %}
-For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.actor == "dependabot[bot]"`), the `GITHUB_TOKEN` will be read-only and secrets are not available.
-{% endif %}
-
-For more information, see ["Keeping your GitHub Actions and workflows secure: Preventing pwn requests"](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
-
-{% ifversion fpt or ghec or ghes > 3.3 %}
-
-### Changing `GITHUB_TOKEN` permissions
-
-By default, {% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} get a `GITHUB_TOKEN` with read-only permissions. You can use the `permissions` key in your workflow to increase the access for the token:
-
-{% raw %}
-
-```yaml
-name: CI
-on: pull_request
-
-# Set the access for individual scopes, or use permissions: write-all
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-  ...
-
-jobs:
-  ...
-```
-
-{% endraw %}
-
-For more information, see "[Modifying the permissions for the GITHUB_TOKEN](/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)."
-
-### Accessing secrets
-
-When a {% data variables.product.prodname_dependabot %} event triggers a workflow, the only secrets available to the workflow are {% data variables.product.prodname_dependabot %} secrets. {% data variables.product.prodname_actions %} secrets are not available. Consequently, you must store any secrets that are used by a workflow triggered by {% data variables.product.prodname_dependabot %} events as {% data variables.product.prodname_dependabot %} secrets. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)".
-
-{% data variables.product.prodname_dependabot %} secrets are added to the `secrets` context and referenced using exactly the same syntax as secrets for {% data variables.product.prodname_actions %}. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow)."
-
-If you have a workflow that will be triggered by {% data variables.product.prodname_dependabot %} and also by other actors, the simplest solution is to store the token with the permissions required in an action and in a {% data variables.product.prodname_dependabot %} secret with identical names. Then the workflow can include a single call to these secrets. If the secret for {% data variables.product.prodname_dependabot %} has a different name, use conditions to specify the correct secrets for different actors to use. For examples that use conditions, see "[Common automations](#common-dependabot-automations)" below.
-
-To access a private container registry on AWS with a user name and password, a workflow must include a secret for `username` and `password`. In the example below, when {% data variables.product.prodname_dependabot %} triggers the workflow, the {% data variables.product.prodname_dependabot %} secrets with the names `READONLY_AWS_ACCESS_KEY_ID` and `READONLY_AWS_ACCESS_KEY` are used. If another actor triggers the workflow, the actions secrets with those names are used.
-
-{% raw %}
-
-```yaml
-name: CI
-on:
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-
-      - name: Login to private container registry for dependencies
-        uses: docker/login-action@v1
-        with:
-          registry: https://1234567890.dkr.ecr.us-east-1.amazonaws.com
-          username: ${{ secrets.READONLY_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.READONLY_AWS_ACCESS_KEY }}
-
-      - name: Build the Docker image
-        run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
-```
-
-{% endraw %}
-
-{% endif %}
-
-{% ifversion ghes = 3.3 %}
-
-{% note %}
-
-**Note:** Your site administrator can override these restrictions for {% data variables.product.product_location %}. For more information, see "[Troubleshooting {% data variables.product.prodname_actions %} for your enterprise](/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise#troubleshooting-failures-when-dependabot-triggers-existing-workflows)."
-
-If the restrictions are removed, when a workflow is triggered by {% data variables.product.prodname_dependabot %} it will have access to {% data variables.product.prodname_actions %} secrets and can use the `permissions` term to increase the default scope of the `GITHUB_TOKEN` from read-only access. You can ignore the specific steps in the "Handling `pull_request` events" and "Handling `push` events" sections, as it no longer applies.
-
-{% endnote %}
-
-### Handling `pull_request` events
-
-If your workflow needs access to secrets or a `GITHUB_TOKEN` with write permissions, you have two options: using `pull_request_target`, or using two separate workflows. We will detail using `pull_request_target` in this section, and using two workflows below in "[Handling `push` events](#handling-push-events)."
-
-Below is a simple example of a `pull_request` workflow that might now be failing:
-
-{% raw %}
-
-```yaml
-### This workflow now has no secrets and a read-only token
-name: Dependabot Workflow
-on:
-  pull_request
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    # Always check the actor is Dependabot to prevent your workflow from failing on non-Dependabot PRs
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - uses: actions/checkout@v2
-```
-
-{% endraw %}
-
-You can replace `pull_request` with `pull_request_target`, which is used for pull requests from forks, and explicitly check out the pull request `HEAD`.
-
-{% warning %}
-
-**Warning:** Using `pull_request_target` as a substitute for `pull_request` exposes you to insecure behavior. We recommend you use the two workflow method, as described below in "[Handling `push` events](#handling-push-events)."
-
-{% endwarning %}
-
-{% raw %}
-
-```yaml
-### This workflow has access to secrets and a read-write token
-name: Dependabot Workflow
-on:
-  pull_request_target
-
-permissions:
-  # Downscope as necessary, since you now have a read-write token
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          # Check out the pull request HEAD
-          ref: ${{ github.event.pull_request.head.sha }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-```
-
-{% endraw %}
-
-It is also strongly recommended that you downscope the permissions granted to the `GITHUB_TOKEN` in order to avoid leaking a token with more privilege than necessary. For more information, see "[Permissions for the `GITHUB_TOKEN`](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token)."
-
-### Handling `push` events
-
-As there is no `pull_request_target` equivalent for `push` events, you will have to use two workflows: one untrusted workflow that ends by uploading artifacts, which triggers a second trusted workflow that downloads artifacts and continues processing.
-
-The first workflow performs any untrusted work:
-
-{% raw %}
-
-```yaml
-### This workflow doesn't have access to secrets and has a read-only token
-name: Dependabot Untrusted Workflow
-on:
-  push
-
-jobs:
-  check-dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - uses: ...
-```
-
-{% endraw %}
-
-The second workflow performs trusted work after the first workflow completes successfully:
-
-{% raw %}
-
-```yaml
-### This workflow has access to secrets and a read-write token
-name: Dependabot Trusted Workflow
-on:
-  workflow_run:
-    workflows: ["Dependabot Untrusted Workflow"]
-    types:
-      - completed
-
-permissions:
-  # Downscope as necessary, since you now have a read-write token
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    steps:
-      - uses: ...
-```
-
-{% endraw %}
-
-{% endif %}
-
-### Manually re-running a workflow
-
-You can also manually re-run a failed Dependabot workflow, and it will run with a read-write token and access to secrets. Before manually re-running a failed workflow, you should always check the dependency being updated to ensure that the change doesn't introduce any malicious or unintended behavior.
-
-## Common Dependabot automations
-
-Here are several common scenarios that can be automated using {% data variables.product.prodname_actions %}.
-
-{% ifversion ghes = 3.3 %}
-
-{% note %}
-
-**Note:** If your site administrator has overridden restrictions for {% data variables.product.prodname_dependabot %} on {% data variables.product.product_location %}, you can use `pull_request` instead of `pull_request_target` in the following workflows.
-
-{% endnote %}
-
-{% endif %}
-
-### Fetch metadata about a pull request
-
-A large amount of automation requires knowing information about the contents of the pull request: what the dependency name was, if it's a production dependency, and if it's a major, minor, or patch update.
-
-The `dependabot/fetch-metadata` action provides all that information for you:
-
-{% ifversion ghes = 3.3 %}
-
-{% raw %}
-
-```yaml
-name: Dependabot fetch metadata
-on: pull_request_target
-
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      # The following properties are now available:
-      #  - steps.dependabot-metadata.outputs.dependency-names
-      #  - steps.dependabot-metadata.outputs.dependency-type
-      #  - steps.dependabot-metadata.outputs.update-type      
-```
-
-{% endraw %}
-
-{% else %}
-
-{% raw %}
-
-```yaml
-name: Dependabot fetch metadata
-on: pull_request
-
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      # The following properties are now available:
-      #  - steps.metadata.outputs.dependency-names
-      #  - steps.metadata.outputs.dependency-type
-      #  - steps.metadata.outputs.update-type      
-```
-
-{% endraw %}
-
-{% endif %}
-
-For more information, see the [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata) repository.
-
-### Label a pull request
-
-If you have other automation or triage workflows based on {% data variables.product.prodname_dotcom %} labels, you can configure an action to assign labels based on the metadata provided.
-
-For example, if you want to flag all production dependency updates with a label:
-
-{% ifversion ghes = 3.3 %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-label
-on: pull_request_target
-
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Add a label for all production dependencies
-        if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
-        run: gh pr edit "$PR_URL" --add-label "production"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-```
-
-{% endraw %}
-
-{% else %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-label
-on: pull_request
-
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Add a label for all production dependencies
-        if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }}
-        run: gh pr edit "$PR_URL" --add-label "production"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-```
-
-{% endraw %}
-
-{% endif %}
-
-### Approve a pull request
-
-If you want to automatically approve Dependabot pull requests, you can use the {% data variables.product.prodname_cli %} in a workflow:
-
-{% ifversion ghes = 3.3 %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-approve
-on: pull_request_target
-
-permissions:
-  pull-requests: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-```
-
-{% endraw %}
-
-{% else %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-approve
-on: pull_request
-
-permissions:
-  pull-requests: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-```
-
-{% endraw %}
-
-{% endif %}
-
-### Enable auto-merge on a pull request
-
-If you want to auto-merge your pull requests, you can use {% data variables.product.prodname_dotcom %}'s auto-merge functionality. This enables the pull request to be merged when all required tests and approvals are successfully met. For more information on auto-merge, see "[Automatically merging a pull request"](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)."
-
-Here is an example of enabling auto-merge for all patch updates to `my-dependency`:
-
-{% ifversion ghes = 3.3 %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-merge
-on: pull_request_target
-
-permissions:
-  pull-requests: write
-  contents: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
-        run: gh pr merge --auto --merge "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-```
-
-{% endraw %}
-
-{% else %}
-
-{% raw %}
-
-```yaml
-name: Dependabot auto-merge
-on: pull_request
-
-permissions:
-  pull-requests: write
-  contents: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
-        run: gh pr merge --auto --merge "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-```
-
-{% endraw %}
-
-{% endif %}
-
-## Troubleshooting failed workflow runs
-
-If your workflow run fails, check the following:
-
-{% ifversion ghes = 3.3 %}
-
-- You are running the workflow only when the correct actor triggers it.
-- You are checking out the correct `ref` for your `pull_request`.
-- You aren't trying to access secrets from within a Dependabot-triggered `pull_request`, `pull_request_review`, `pull_request_review_comment`, or `push` event.
-- You aren't trying to perform any `write` actions from within a Dependabot-triggered `pull_request`, `pull_request_review`, `pull_request_review_comment`, or `push` event.
-
-{% else %}
-
-- You are running the workflow only when the correct actor triggers it.
-- You are checking out the correct `ref` for your `pull_request`.
-- Your secrets are available in {% data variables.product.prodname_dependabot %} secrets rather than as {% data variables.product.prodname_actions %} secrets.
-- You have a `GITHUB_TOKEN` with the correct permissions.
-
-{% endif %}
-
-For information on writing and debugging {% data variables.product.prodname_actions %}, see "[Learning GitHub Actions](/actions/learn-github-actions)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md
deleted file mode 100644
index 4e18304d1ae4..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md
+++ /dev/null
@@ -1,967 +0,0 @@
----
-title: Configuration options for dependency updates
-intro: 'Detailed information for all the options you can use to customize how {% data variables.product.prodname_dependabot %} maintains your repositories.'
-permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.'
-redirect_from:
-  - /github/administering-a-repository/configuration-options-for-dependency-updates
-  - /code-security/supply-chain-security/configuration-options-for-dependency-updates
-miniTocMaxHeadingLevel: 3
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: reference
-topics:
-  - Dependabot
-  - Version updates
-  - Repositories
-  - Dependencies
-  - Pull requests
-shortTitle: Configuration options
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About the *dependabot.yml* file
-
-The {% data variables.product.prodname_dependabot %} configuration file, *dependabot.yml*, uses YAML syntax. If you're new to YAML and want to learn more, see "[Learn YAML in five minutes](https://www.codeproject.com/Articles/1214409/Learn-YAML-in-five-minutes)."
-
-You must store this file in the `.github` directory of your repository. When you add or update the *dependabot.yml* file, this triggers an immediate check for version updates. For more information and an example, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-dependabot-version-updates)."
-
-Any options that also affect security updates are used the next time a security alert triggers a pull request for a security update.  For more information, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)."
-
-The *dependabot.yml* file has two mandatory top-level keys: `version`, and `updates`. You can, optionally, include a top-level `registries` key. The file must start with `version: 2`.
-
-## Configuration options for updates
-
-The top-level `updates` key is mandatory. You use it to configure how {% data variables.product.prodname_dependabot %} updates the versions or your project's dependencies. Each entry configures the update settings for a particular package manager. You can use the following options.
-
-| Option | Required | Description |
-|:---|:---:|:---|
-| [`package-ecosystem`](#package-ecosystem)                     | **X** | Package manager to use                |
-| [`directory`](#directory)                                     | **X** | Location of package manifests         |
-| [`schedule.interval`](#scheduleinterval)                      | **X** | How often to check for updates        |
-| [`allow`](#allow)                                             | | Customize which updates are allowed         |
-| [`assignees`](#assignees)                                     | | Assignees to set on pull requests           |
-| [`commit-message`](#commit-message)                           | | Commit message preferences                  |
-| [`ignore`](#ignore)                                           | | Ignore certain dependencies or versions     |
-| [`insecure-external-code-execution`](#insecure-external-code-execution) | | Allow or deny code execution in manifest files |
-| [`labels`](#labels)                                           | | Labels to set on pull requests              |
-| [`milestone`](#milestone)                                     | | Milestone to set on pull requests           |
-| [`open-pull-requests-limit`](#open-pull-requests-limit)       | | Limit number of open pull requests for version updates|
-| [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator) | | Change separator for pull request branch names |
-| [`rebase-strategy`](#rebase-strategy)                         | | Disable automatic rebasing                  |
-| [`registries`](#registries)                                   | | Private registries that {% data variables.product.prodname_dependabot %} can access|
-| [`reviewers`](#reviewers)                                     | | Reviewers to set on pull requests           |
-| [`schedule.day`](#scheduleday)                                | | Day of week to check for updates            |
-| [`schedule.time`](#scheduletime)                              | | Time of day to check for updates (hh:mm)    |
-| [`schedule.timezone`](#scheduletimezone)                      | | Timezone for time of day (zone identifier)  |
-| [`target-branch`](#target-branch)                             | | Branch to create pull requests against      |
-| [`vendor`](#vendor)                                           | | Update vendored or cached dependencies      |
-| [`versioning-strategy`](#versioning-strategy)                 | | How to update manifest version requirements |
-
-These options fit broadly into the following categories.
-
-- Essential set up options that you must include in all configurations: [`package-ecosystem`](#package-ecosystem), [`directory`](#directory),[`schedule.interval`](#scheduleinterval).
-- Options to customize the update schedule: [`schedule.time`](#scheduletime), [`schedule.timezone`](#scheduletimezone), [`schedule.day`](#scheduleday).
-- Options to control which dependencies are updated: [`allow`](#allow), [`ignore`](#ignore), [`vendor`](#vendor).
-- Options to add metadata to pull requests: [`reviewers`](#reviewers), [`assignees`](#assignees), [`labels`](#labels), [`milestone`](#milestone).
-- Options to change the behavior of the pull requests: [`target-branch`](#target-branch), [`versioning-strategy`](#versioning-strategy), [`commit-message`](#commit-message), [`rebase-strategy`](#rebase-strategy), [`pull-request-branch-name.separator`](#pull-request-branch-nameseparator).
-
-In addition, the [`open-pull-requests-limit`](#open-pull-requests-limit) option changes the maximum number of pull requests for version updates that {% data variables.product.prodname_dependabot %} can open.
-
-{% note %}
-
-**Note:** Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests.
-
-Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use `target-branch`), and specify a `package-ecosystem` and `directory` for the vulnerable manifest, then pull requests for security updates use relevant options.
-
-In general, security updates use any configuration options that affect pull requests, for example, adding metadata or changing their behavior. For more information about security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)."
-
-{% endnote %}
-
-### `package-ecosystem`
-
-**Required**. You add one `package-ecosystem` element for each package manager that you want {% data variables.product.prodname_dependabot %} to monitor for new versions. The repository must also contain a dependency manifest or lock file for each of these package managers. If you want to enable vendoring for a package manager that supports it, the vendored dependencies must be located in the required directory. For more information, see [`vendor`](#vendor) below.
-
-{% data reusables.dependabot.supported-package-managers %}
-
-```yaml
-# Basic set up for three package managers
-
-version: 2
-updates:
-
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  # Maintain dependencies for npm
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  # Maintain dependencies for Composer
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-```
-
-### `directory`
-
-**Required**. You must define the location of the package manifests for each package manager (for example, the *package.json* or *Gemfile*). You define the directory relative to the root of the repository for all ecosystems except GitHub Actions. For GitHub Actions, set the directory to `/` to check for workflow files in `.github/workflows`.
-
-```yaml
-# Specify location of manifest files for each package manager
-
-version: 2
-updates:
-  - package-ecosystem: "composer"
-    # Files stored in repository root
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
-    # Files stored in `app` directory
-    directory: "/app"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "github-actions"
-    # Workflow files stored in the
-    # default location of `.github/workflows`
-    directory: "/"
-    schedule:
-      interval: "daily"
-```
-
-### `schedule.interval`
-
-**Required**. You must define how often to check for new versions for each package manager. By default, {% data variables.product.prodname_dependabot %} randomly assigns a time to apply all the updates in the configuration file. To set a specific time, you can use [`schedule.time`](#scheduletime) and [`schedule.timezone`](#scheduletimezone).
-
-- `daily`—runs on every weekday, Monday to Friday.
-- `weekly`—runs once each week. By default, this is on Monday. To modify this, use [`schedule.day`](#scheduleday).
-- `monthly`—runs once each month. This is on the first day of the month.
-
-```yaml
-# Set update schedule for each package manager
-
-version: 2
-updates:
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      # Check for updates to GitHub Actions every weekday
-      interval: "daily"
-
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      # Check for updates managed by Composer once a week
-      interval: "weekly"
-```
-
-{% note %}
-
-**Note**: `schedule` defines when {% data variables.product.prodname_dependabot %} attempts a new update. However, it's not the only time you may receive pull requests. Updates can be triggered based on changes to your `dependabot.yml` file, changes to your manifest file(s) after a failed update, or {% data variables.product.prodname_dependabot_security_updates %}. For more information, see "[Frequency of {% data variables.product.prodname_dependabot %} pull requests](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates#frequency-of-dependabot-pull-requests)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)."
-
-{% endnote %}
-
-### `allow`
-
-{% data reusables.dependabot.default-dependencies-allow-ignore %}
-
-Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options:
-
-- `dependency-name`—use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters. For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`, for example: `org.kohsuke:github-api`.
-- `dependency-type`—use to allow updates for dependencies of specific types.
-
-  | Dependency types | Supported by package managers | Allow updates |
-  |------------------|-------------------------------|--------|
-  | `direct` | All | All explicitly defined dependencies. |
-  | `indirect` | `bundler`, `pip`, `composer`, `cargo` | Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies).|
-  | `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`, also the dependencies of direct dependencies.|
-  | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Production dependency group". |
-  | `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Development dependency group". |
-
-```yaml
-# Use `allow` to specify which dependencies to maintain
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    allow:
-      # Allow updates for Lodash
-      - dependency-name: "lodash"
-      # Allow updates for React and any packages starting "react"
-      - dependency-name: "react*"
-
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    allow:
-      # Allow both direct and indirect updates for all packages
-      - dependency-type: "all"
-
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    allow:
-      # Allow only direct updates for
-      # Django and any packages starting "django"
-      - dependency-name: "django*"
-        dependency-type: "direct"
-      # Allow only production updates for Sphinx
-      - dependency-name: "sphinx"
-        dependency-type: "production"
-```
-
-### `assignees`
-
-Use `assignees` to specify individual assignees for all pull requests raised for a package manager.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Specify assignees for pull requests
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Add assignees
-    assignees:
-      - "octocat"
-```
-
-### `commit-message`
-
-By default, {% data variables.product.prodname_dependabot %} attempts to detect your commit message preferences and use similar patterns. Use the `commit-message` option to specify your preferences explicitly.
-
-Supported options
-
-- `prefix` specifies a prefix for all commit messages.
-- `prefix-development` specifies a separate prefix for all commit messages that update dependencies in the Development dependency group. When you specify a value for this option, the `prefix` is used only for updates to dependencies in the Production dependency group. This is supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`.
-- `include: "scope"` specifies that any prefix is followed by a list of the dependencies updated in the commit.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Customize commit messages
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    commit-message:
-      # Prefix all commit messages with "npm"
-      prefix: "npm"
-
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Prefix all commit messages with "Composer"
-    # include a list of updated dependencies
-    commit-message:
-      prefix: "Composer"
-      include: "scope"
-
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Include a list of updated dependencies
-    # with a prefix determined by the dependency group
-    commit-message:
-      prefix: "pip prod"
-      prefix-development: "pip dev"
-      include: "scope"
-```
-
-### `ignore`
-
-{% data reusables.dependabot.default-dependencies-allow-ignore %}
-
-Dependencies can be ignored either by adding them to `ignore` or by using the `@dependabot ignore` command on a pull request opened by {% data variables.product.prodname_dependabot %}.
-
-#### Creating `ignore` conditions from `@dependabot ignore`
-
-Dependencies ignored by using the `@dependabot ignore` command are stored centrally for each package manager. If you start ignoring dependencies in the `dependabot.yml` file, these existing preferences are considered alongside the `ignore` dependencies in the configuration.
-
-You can check whether a repository has stored `ignore` preferences by searching the repository for `"@dependabot ignore" in:comments`. If you wish to un-ignore a dependency ignored this way, re-open the pull request.
-
-For more information about the `@dependabot ignore` commands, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
-
-#### Specifying dependencies and versions to ignore
-
-You can use the `ignore` option to customize which dependencies are updated. The `ignore` option supports the following options.
-
-- `dependency-name`—use to ignore updates for dependencies with matching names, optionally using `*` to match zero or more characters. For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId` (for example: `org.kohsuke:github-api`).
-- `versions`—use to ignore specific versions or ranges of versions. If you want to define a range, use the standard pattern for the package manager (for example: `^1.0.0` for npm, or `~> 2.0` for Bundler).
-- `update-types`—use to ignore types of updates, such as semver `major`, `minor`, or `patch` updates on version updates (for example: `version-update:semver-patch` will ignore patch updates). You can combine this with `dependency-name: "*"` to ignore particular `update-types` for all dependencies. Currently, `version-update:semver-major`, `version-update:semver-minor`, and `version-update:semver-patch` are the only supported options. Security updates are unaffected by this setting.
-
-If `versions` and `update-types` are used together, {% data variables.product.prodname_dependabot %} will ignore any update in either set.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Use `ignore` to specify dependencies that should not be updated 
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: "express"
-        # For Express, ignore all updates for version 4 and 5
-        versions: ["4.x", "5.x"]
-        # For Lodash, ignore all updates
-      - dependency-name: "lodash"
-        # For AWS SDK, ignore all patch updates
-      - dependency-name: "aws-sdk"
-        update-types: ["version-update:semver-patch"]
-```
-
-{% note %}
-
-**Note**: {% data variables.product.prodname_dependabot %} can only run version updates on manifest or lock files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the `ignore` option of your configuration file. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors#dependabot-cant-resolve-your-dependency-files)."
-
-
-{% endnote %}
-
-### `insecure-external-code-execution`
-
-Package managers with the `package-ecosystem` values `bundler`, `mix`, and `pip` may execute external code in the manifest as part of the version update process. This might allow a compromised package to steal credentials or gain access to configured registries. When you add a [`registries`](#registries) setting within an `updates` configuration, {% data variables.product.prodname_dependabot %} automatically prevents external code execution, in which case the version update may fail. You can choose to override this behavior and allow external code execution for `bundler`, `mix`, and `pip` package managers by setting `insecure-external-code-execution` to `allow`.
-
-You can explicitly deny external code execution, irrespective of whether there is a `registries` setting for this update configuration, by setting `insecure-external-code-execution` to `deny`.
-
-{% raw %}
-```yaml
-# Allow external code execution when updating dependencies from private registries
-
-version: 2
-registries:
-  ruby-github:
-    type: rubygems-server
-    url: https://rubygems.pkg.github.com/octocat/github_api
-    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
-updates:
-  - package-ecosystem: "bundler"
-    directory: "/rubygems-server"
-    insecure-external-code-execution: allow
-    registries: "*"
-    schedule:
-      interval: "monthly"
-```
-{% endraw %}
-
-### `labels`
-
-{% data reusables.dependabot.default-labels %}
-
-Use `labels` to override the default labels and specify alternative labels for all pull requests raised for a package manager. If any of these labels is not defined in the repository, it is ignored.
-To disable all labels, including the default labels, use `labels: [ ]`.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Specify labels for pull requests
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Specify labels for npm pull requests
-    labels:
-      - "npm"
-      - "dependencies"
-```
-
-### `milestone`
-
-Use `milestone` to associate all pull requests raised for a package manager with a milestone. You need to specify the numeric identifier of the milestone and not its label. If you view a milestone, the final part of the page URL, after `milestone`, is the identifier. For example: `https://github.com/<org>/<repo>/milestone/3`.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Specify a milestone for pull requests
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Associate pull requests with milestone "4"
-    milestone: 4
-```
-
-### `open-pull-requests-limit`
-
-By default, {% data variables.product.prodname_dependabot %} opens a maximum of five pull requests for version updates. Once there are five open pull requests, new requests are blocked until you merge or close some of the open requests, after which new pull requests can be opened on subsequent updates. Use `open-pull-requests-limit` to change this limit. This also provides a simple way to temporarily disable version updates for a package manager.
-
-This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.
-
-```yaml
-# Specify the number of open pull requests allowed
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Disable version updates for npm dependencies
-    open-pull-requests-limit: 0
-
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Allow up to 10 open pull requests for pip dependencies
-    open-pull-requests-limit: 10
-```
-
-### `pull-request-branch-name.separator`
-
-{% data variables.product.prodname_dependabot %} generates a branch for each pull request. Each branch name includes `dependabot`, and the package manager and dependency that are updated. By default, these parts are separated by a `/` symbol, for example: `dependabot/npm_and_yarn/next_js/acorn-6.4.1`.
-
-Use `pull-request-branch-name.separator` to specify a different separator. This can be one of: `"-"`, `_` or `/`. The hyphen symbol must be quoted because otherwise it's interpreted as starting an empty YAML list.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Specify a different separator for branch names
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    pull-request-branch-name:
-      # Separate sections of the branch name with a hyphen
-      # for example, `dependabot-npm_and_yarn-next_js-acorn-6.4.1`
-      separator: "-"
-```
-
-### `rebase-strategy`
-
-By default, {% data variables.product.prodname_dependabot %} automatically rebases open pull requests when it detects any changes to the pull request. Use `rebase-strategy` to disable this behavior.
-
-Available rebase strategies
-
-- `disabled` to disable automatic rebasing.
-- `auto` to use the default behavior and rebase open pull requests when changes are detected.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Disable automatic rebasing
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Disable rebasing for npm pull requests
-    rebase-strategy: "disabled"
-```
-
-### `registries`
-
-To allow {% data variables.product.prodname_dependabot %} to access a private package registry when performing a version update, you must include a `registries` setting within the relevant `updates` configuration. You can allow all of the defined registries to be used by setting `registries` to `"*"`. Alternatively, you can list the registries that the update can use. To do this, use the name of the registry as defined in the top-level `registries` section of the _dependabot.yml_ file. For more information, see "[Configuration options for private registries](#configuration-options-for-private-registries)" below.
-
-To allow {% data variables.product.prodname_dependabot %} to use `bundler`, `mix`, and `pip` package managers to update dependencies in private registries, you can choose to allow external code execution. For more information, see [`insecure-external-code-execution`](#insecure-external-code-execution) above.
-
-```yaml
-# Allow {% data variables.product.prodname_dependabot %} to use one of the two defined private registries 
-# when updating dependency versions for this ecosystem
-
-{% raw %}
-version: 2
-registries:
-  maven-github:
-    type: maven-repository
-    url: https://maven.pkg.github.com/octocat
-    username: octocat
-    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
-  npm-npmjs:
-    type: npm-registry
-    url: https://registry.npmjs.org
-    username: octocat
-    password: ${{secrets.MY_NPM_PASSWORD}}
-updates:
-  - package-ecosystem: "gitsubmodule"
-    directory: "/"
-    registries:
-      - maven-github
-    schedule:
-      interval: "monthly"
-{% endraw %}
-```
-
-### `reviewers`
-
-Use `reviewers` to specify individual reviewers or teams of reviewers for all pull requests raised for a package manager. You must use the full team name, including the organization, as if you were @mentioning the team.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-```yaml
-# Specify reviewers for pull requests
-
-version: 2
-updates:
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Add reviewers
-    reviewers:
-      - "octocat"
-      - "my-username"
-      - "my-org/python-team"
-```
-
-### `schedule.day`
-
-When you set a `weekly` update schedule, by default, {% data variables.product.prodname_dependabot %} checks for new versions on Monday at a random set time for the repository. Use `schedule.day` to specify an alternative day to check for updates.
-
-Supported values
-
-- `monday`
-- `tuesday`
-- `wednesday`
-- `thursday`
-- `friday`
-- `saturday`
-- `sunday`
-
-```yaml
-# Specify the day for weekly checks
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      # Check for npm updates on Sundays
-      day: "sunday"
-```
-
-### `schedule.time`
-
-By default, {% data variables.product.prodname_dependabot %} checks for new versions at a random set time for the repository. Use `schedule.time` to specify an alternative time of day to check for updates (format: `hh:mm`).
-
-```yaml
-# Set a time for checks
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-      # Check for npm updates at 9am UTC
-      time: "09:00"
-```
-
-### `schedule.timezone`
-
-By default, {% data variables.product.prodname_dependabot %} checks for new versions at a random set time for the repository. Use `schedule.timezone` to specify an alternative time zone. The time zone identifier must be from the Time Zone database maintained by [iana](https://www.iana.org/time-zones). For more information, see [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
-
-```yaml
-# Specify the timezone for checks
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-      time: "09:00"
-      # Use Japan Standard Time (UTC +09:00)
-      timezone: "Asia/Tokyo"
-```
-
-### `target-branch`
-
-By default, {% data variables.product.prodname_dependabot %} checks for manifest files on the default branch and raises pull requests for version updates against this branch. Use `target-branch` to specify a different branch for manifest files and for pull requests. When you use this option, the settings for this package manager will no longer affect any pull requests raised for security updates.
-
-```yaml
-# Specify a non-default branch for pull requests for pip
-
-version: 2
-updates:
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Raise pull requests for version updates
-    # to pip against the `develop` branch
-    target-branch: "develop"
-    # Labels on pull requests for version updates only
-    labels:
-      - "pip dependencies"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      # Check for npm updates on Sundays
-      day: "sunday"
-    # Labels on pull requests for security and version updates
-    labels:
-      - "npm dependencies"
-```
-
-### `vendor`
-
-Use the `vendor` option to tell {% data variables.product.prodname_dependabot %} to vendor dependencies when updating them. Don't use this option if you're using `gomod` as {% data variables.product.prodname_dependabot %} automatically detects vendoring for this tool.
-
-```yaml
-# Configure version updates for both dependencies defined in manifests and vendored dependencies
-
-version: 2
-updates:
-  - package-ecosystem: "bundler"
-    # Raise pull requests to update vendored dependencies that are checked in to the repository
-    vendor: true
-    directory: "/"
-    schedule:
-      interval: "weekly"
-```
-
-{% data variables.product.prodname_dependabot %} only updates the vendored dependencies located in specific directories in a repository.
-
-| Package manager | Required file path for vendored dependencies | More information |
-  |------------------|-------------------------------|--------|
-  | `bundler` | The dependencies must be in the _vendor/cache_ directory.</br>Other file paths are not supported. | [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html) |
-  | `gomod` | No path requirement (dependencies are usually located in the _vendor_ directory) | [`go mod vendor` documentation](https://golang.org/ref/mod#go-mod-vendor) |
-
-
-### `versioning-strategy`
-
-When {% data variables.product.prodname_dependabot %} edits a manifest file to update a version, it uses the following overall strategies:
-
-- For apps, the version requirements are increased, for example: npm, pip and Composer.
-- For libraries, the range of versions is widened, for example: Bundler and Cargo.
-
-Use the `versioning-strategy` option to change this behavior for supported package managers.
-
-{% data reusables.dependabot.option-affects-security-updates %}
-
-Available update strategies
-
-| Option | Supported by | Action |
-|--------|--------------|--------|
-| `lockfile-only` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Only create pull requests to update lockfiles. Ignore any new versions that would require package manifest changes. |
-| `auto` | `bundler`, `cargo`, `composer`, `mix`, `npm`, `pip` | Follow the default strategy described above.|
-| `widen`| `composer`, `npm` | Relax the version requirement to include both the new and old version, when possible. |
-| `increase`| `bundler`, `composer`, `npm` | Always increase the version requirement to match the new version. |
-| `increase-if-necessary` | `bundler`, `composer`, `npm` | Increase the version requirement only when required by the new version. |
-
-```yaml
-# Customize the manifest version strategy
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Update the npm manifest file to relax
-    # the version requirements
-    versioning-strategy: widen
-
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Increase the version requirements for Composer
-    # only when required
-    versioning-strategy: increase-if-necessary
-
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Only allow updates to the lockfile for pip and
-    # ignore any version updates that affect the manifest
-    versioning-strategy: lockfile-only
-```
-
-## Configuration options for private registries
-
-The top-level `registries` key is optional. It allows you to specify authentication details that {% data variables.product.prodname_dependabot %} can use to access private package registries. 
-
-{% note %}
-
-**Note:** Private registries behind firewalls on private networks are not supported.
-
-{% endnote %}
-
-The value of the `registries` key is an associative array, each element of which consists of a key that identifies a particular registry and a value which is an associative array that specifies the settings required to access that registry. The following *dependabot.yml* file, configures a registry identified as `dockerhub` in the `registries` section of the file and then references this in the `updates` section of the file.
-
-{% raw %}
-```yaml
-# Minimal settings to update dependencies in one private registry
-
-version: 2
-registries:
-  dockerhub: # Define access for a private registry 
-    type: docker-registry
-    url: registry.hub.docker.com
-    username: octocat
-    password: ${{secrets.DOCKERHUB_PASSWORD}}
-updates:
-  - package-ecosystem: "docker"
-    directory: "/docker-registry/dockerhub"
-    registries:
-      - dockerhub # Allow version updates for dependencies in this registry
-    schedule:
-      interval: "monthly"
-```
-{% endraw %}
-
-You use the following options to specify access settings. Registry settings must contain a `type` and a `url`, and typically either a `username` and `password` combination or a `token`.
-
-| Option&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Description |
-|:---|:---|
-| `type`                     | Identifies the type of registry. See the full list of types below. |
-| `url`                      | The URL to use to access the dependencies in this registry. The protocol is optional. If not specified, `https://` is assumed. {% data variables.product.prodname_dependabot %} adds or ignores trailing slashes as required. |
-| `username`                 | The username that {% data variables.product.prodname_dependabot %} uses to access the registry. |
-| `password`                 | A reference to a {% data variables.product.prodname_dependabot %} secret containing the password for the specified user. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." |
-| `key`                    | A reference to a {% data variables.product.prodname_dependabot %} secret containing an access key for this registry. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." |
-| `token`                    | A reference to a {% data variables.product.prodname_dependabot %} secret containing an access token for this registry. For more information, see "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)." |
-| `replaces-base`            | For registries with `type: python-index`, if the boolean value is `true`, pip resolves dependencies by using the specified URL rather than the base URL of the Python Package Index (by default `https://pypi.org/simple`). |
-
-
-Each configuration `type` requires you to provide particular settings. Some types allow more than one way to connect. The following sections provide details of the settings you should use for each `type`.
-
-### `composer-repository` 
-
-The `composer-repository` type supports username and password.
-
-{% raw %}
-```yaml
-registries:
-  composer:
-    type: composer-repository
-    url: https://repo.packagist.com/example-company/
-    username: octocat
-    password: ${{secrets.MY_PACKAGIST_PASSWORD}}
-```
-{% endraw %}
-
-### `docker-registry` 
-
-The `docker-registry` type supports username and password.
-
-{% raw %}
-```yaml
-registries:
-  dockerhub:
-    type: docker-registry
-    url: https://registry.hub.docker.com
-    username: octocat
-    password: ${{secrets.MY_DOCKERHUB_PASSWORD}}
-```
-{% endraw %}
-
-The `docker-registry` type can also be used to pull from Amazon ECR using static AWS credentials.
-
-{% raw %}
-```yaml
-registries:
-  ecr-docker:
-    type: docker-registry
-    url: https://1234567890.dkr.ecr.us-east-1.amazonaws.com
-    username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}}
-    password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}}
-```
-{% endraw %}
-
-### `git` 
-
-The `git` type supports username and password.
-
-{% raw %}
-```yaml
-registries:
-  github-octocat:
-    type: git
-    url: https://github.com
-    username: x-access-token
-    password: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
-```
-{% endraw %}
-
-### `hex-organization` 
-
-The `hex-organization` type supports organization and key.
-
-{% raw %}
-```yaml
-registries:
-  github-hex-org:
-    type: hex-organization
-    organization: github
-    key: ${{secrets.MY_HEX_ORGANIZATION_KEY}}
-```
-{% endraw %}
-
-### `maven-repository`
-
-The `maven-repository` type supports username and password.
-
-{% raw %}
-```yaml
-registries:
-  maven-artifactory:
-    type: maven-repository
-    url: https://artifactory.example.com
-    username: octocat
-    password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
-```
-{% endraw %}
-
-### `npm-registry`
-
-The `npm-registry` type supports username and password, or token.
-
-When using username and password, your `.npmrc`'s auth token may contain a `base64` encoded `_password`; however, the password referenced in your {% data variables.product.prodname_dependabot %} configuration file must be the original (unencoded) password.
-
-{% raw %}
-```yaml
-registries:
-  npm-npmjs:
-    type: npm-registry
-    url: https://registry.npmjs.org
-    username: octocat
-    password: ${{secrets.MY_NPM_PASSWORD}}  # Must be an unencoded password
-```
-{% endraw %}
-
-{% raw %}
-```yaml
-registries:
-  npm-github:
-    type: npm-registry
-    url: https://npm.pkg.github.com
-    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
-```
-{% endraw %}
-
-### `nuget-feed` 
-
-The `nuget-feed` type supports username and password, or token.
-
-{% raw %}
-```yaml
-registries:
-  nuget-example:
-    type: nuget-feed
-    url: https://nuget.example.com/v3/index.json
-    username: octocat@example.com
-    password: ${{secrets.MY_NUGET_PASSWORD}}
-```
-{% endraw %}
-
-{% raw %}
-```yaml
-registries:
-  nuget-azure-devops:
-    type: nuget-feed
-    url: https://pkgs.dev.azure.com/.../_packaging/My_Feed/nuget/v3/index.json
-    token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}}
-```
-{% endraw %}
-
-### `python-index` 
-
-The `python-index` type supports username and password, or token.
-
-{% raw %}
-```yaml
-registries:
-  python-example:
-    type: python-index
-    url: https://example.com/_packaging/my-feed/pypi/example
-    username: octocat
-    password: ${{secrets.MY_BASIC_AUTH_PASSWORD}}
-    replaces-base: true
-```
-{% endraw %}
-
-{% raw %}
-```yaml
-registries:
-  python-azure:
-    type: python-index
-    url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example
-    token: ${{secrets.MY_AZURE_DEVOPS_TOKEN}}
-    replaces-base: true
-```
-{% endraw %}
-
-### `rubygems-server`
-
-The `rubygems-server` type supports username and password, or token.
-
-{% raw %}
-```yaml
-registries:
-  ruby-example:
-    type: rubygems-server
-    url: https://rubygems.example.com
-    username: octocat@example.com
-    password: ${{secrets.MY_RUBYGEMS_PASSWORD}}
-```
-{% endraw %}
-
-{% raw %}
-```yaml
-registries:
-  ruby-github:
-    type: rubygems-server
-    url: https://rubygems.pkg.github.com/octocat/github_api
-    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
-```
-{% endraw %}
-
-### `terraform-registry`
-
-The `terraform-registry` type supports a token.
-
-{% raw %}
-```yaml
-registries:
-  terraform-example:
-    type: terraform-registry
-    url: https://terraform.example.com
-    token: ${{secrets.MY_TERRAFORM_API_TOKEN}}
-```
-{% endraw %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md
deleted file mode 100644
index 217257ceb262..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md
+++ /dev/null
@@ -1,143 +0,0 @@
----
-title: Customizing dependency updates
-intro: 'You can customize how {% data variables.product.prodname_dependabot %} maintains your dependencies.'
-permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_dependabot %} for the repository.'
-redirect_from:
-  - /github/administering-a-repository/customizing-dependency-updates
-  - /code-security/supply-chain-security/customizing-dependency-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Dependabot
-  - Version updates
-  - Security updates
-  - Repositories
-  - Dependencies
-  - Pull requests
-  - Vulnerabilities
-shortTitle: Customize updates
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About customizing dependency updates
-
-After you've enabled version updates, you can customize how {% data variables.product.prodname_dependabot %} maintains your dependencies by adding further options to the *dependabot.yml* file. For example, you could:
-
-- Specify which day of the week to open pull requests for version updates: `schedule.day`
-- Set reviewers, assignees, and labels for each package manager: `reviewers`, `assignees`, and `labels`
-- Define a versioning strategy for changes to each manifest file: `versioning-strategy`
-- Change the maximum number of open pull requests for version updates from the default of 5: `open-pull-requests-limit`
-- Open pull requests for version updates to target a specific branch, instead of the default branch: `target-branch`
-
-For more information about the configuration options, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)."
-
-When you update the *dependabot.yml* file in your repository, {% data variables.product.prodname_dependabot %} runs an immediate check with the new configuration. Within minutes you will see an updated list of dependencies on the **{% data variables.product.prodname_dependabot %}** tab, this may take longer if the repository has many dependencies. You may also see new pull requests for version updates. For more information, see "[Listing dependencies configured for version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates)."
-
-## Impact of configuration changes on security updates
-
-If you customize the *dependabot.yml* file, you may notice some changes to the pull requests raised for security updates. These pull requests are always triggered by a security advisory for a dependency, rather than by the {% data variables.product.prodname_dependabot %} schedule. However, they inherit relevant configuration settings from the *dependabot.yml* file unless you specify a different target branch for version updates.
-
-For an example, see "[Setting custom labels](#setting-custom-labels)" below.
-
-## Modifying scheduling
-
-When you set a `daily` update schedule, by default, {% data variables.product.prodname_dependabot %} checks for new versions at 05:00 UTC. You can use `schedule.time` to specify an alternative time of day to check for updates (format: `hh:mm`).
-
-The example *dependabot.yml* file below expands the npm configuration to specify when {% data variables.product.prodname_dependabot %} should check for version updates to dependencies.
-
-```yaml
-# dependabot.yml file with
-# customized schedule for version updates
-
-version: 2
-updates:
-  # Keep npm dependencies up to date
-  - package-ecosystem: "npm"
-    directory: "/"
-    # Check the npm registry for updates at 2am UTC
-    schedule:
-      interval: "daily"
-      time: "02:00"
-```
-
-## Setting reviewers and assignees
-
-By default, {% data variables.product.prodname_dependabot %} raises pull requests without any reviewers or assignees.
-
-You can use `reviewers` and `assignees`  to specify reviewers and assignees for all pull requests raised for a package manager. When you specify a team, you must use the full team name, as if you were @mentioning the team (including the organization).
-
-The example *dependabot.yml* file below changes the npm configuration so that all pull requests opened with version and security updates for npm will have two reviewers and one assignee.
-
-```yaml
-# dependabot.yml file with
-# reviews and an assignee for all npm pull requests
-
-version: 2
-updates:
-  # Keep npm dependencies up to date
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Raise all npm pull requests with reviewers
-    reviewers:
-      - "my-org/team-name"
-      - "octocat"
-    # Raise all npm pull requests with an assignee
-    assignees:
-      - "user-name"
-```
-
-## Setting custom labels
-
-{% data reusables.dependabot.default-labels %}
-
-You can use `labels` to override the default labels and specify alternative labels for all pull requests raised for a package manager. You can't create new labels in the *dependabot.yml* file, so the alternative labels must already exist in the repository.
-
-The example *dependabot.yml* file below changes the npm configuration so that all pull requests opened with version and security updates for npm will have custom labels. It also changes the Docker configuration to check for version updates against a custom branch and to raise pull requests with custom labels against that custom branch. The changes to Docker will not affect security update pull requests because security updates are always made against the default branch.
-
-{% note %}
-
-**Note:** The new `target-branch` must contain a Dockerfile to update, otherwise this change will have the effect of disabling version updates for Docker.
-
-{% endnote %}
-
-```yaml
-# dependabot.yml file with
-# customized npm configuration
-
-version: 2
-updates:
-  # Keep npm dependencies up to date
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Raise all npm pull requests with custom labels
-    labels:
-      - "npm dependencies"
-      - "triage-board"
-
-    # Keep Docker dependencies up to date
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    # Raise pull requests for Docker version updates
-    # against the "develop" branch. The Docker configuration
-    # no longer affects security update pull requests.
-    target-branch: "develop"
-    # Use custom labels on pull requests for Docker version updates
-    labels:
-      - "Docker dependencies"
-      - "triage-board"
-```
-
-## More examples
-
-For more examples, see "[Configuration options for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md
deleted file mode 100644
index ab9c946fed01..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md
+++ /dev/null
@@ -1,140 +0,0 @@
----
-title: Enabling and disabling Dependabot version updates
-intro: 'You can configure your repository so that {% data variables.product.prodname_dependabot %} automatically updates the packages you use.'
-permissions: 'People with write permissions to a repository can enable or disable {% data variables.product.prodname_dependabot_version_updates %} for the repository.'
-redirect_from:
-  - /github/administering-a-repository/enabling-and-disabling-version-updates
-  - /code-security/supply-chain-security/enabling-and-disabling-version-updates
-  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '> 3.2'
-type: how_to
-topics:
-  - Dependabot
-  - Version updates
-  - Repositories
-  - Dependencies
-  - Pull requests
-shortTitle: Enable and disable updates
----
-<!--Marketing-LINK: From /features/security/software-supply-chain page "About version updates for dependencies".-->
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About version updates for dependencies
-
-You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a *dependabot.yml* configuration file in to your repository's `.github` directory. {% data variables.product.prodname_dependabot %} then raises pull requests to keep the dependencies you configure up-to-date. For each package manager's dependencies that you want to update, you must specify the location of the package manifest files and how often to check for updates to the dependencies listed in those files. For information about enabling security updates, see "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)."
-
-{% data reusables.dependabot.initial-updates %} For more information, see "[Customizing dependency updates](/github/administering-a-repository/customizing-dependency-updates)."
-
-{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)" and "[{% data variables.product.prodname_dotcom %} language support](/github/getting-started-with-github/github-language-support)."
-
-## Enabling {% data variables.product.prodname_dependabot_version_updates %}
-
-{% data reusables.dependabot.create-dependabot-yml %} For information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)."
-1. Add a `version`. 
-1. Optionally, if you have dependencies in a private registry, add a `registries` section containing authentication details. 
-1. Add an `updates` section, with an entry for each package manager you want {% data variables.product.prodname_dependabot %} to monitor.
-1. For each package manager, use:
-    - `package-ecosystem` to specify the package manager.
-    - `directory` to specify the location of the manifest or other definition files.
-    - `schedule.interval` to specify how often to check for new versions.
-{% data reusables.dependabot.check-in-dependabot-yml %}
-
-### Example *dependabot.yml* file
-
-The example *dependabot.yml* file below configures version updates for two package managers: npm and Docker. When this file is checked in, {% data variables.product.prodname_dependabot %} checks the manifest files on the default branch for outdated dependencies. If it finds outdated dependencies, it will raise pull requests against the default branch to update the dependencies.
-
-```yaml
-# Basic dependabot.yml file with
-# minimum configuration for two package managers
-
-version: 2
-updates:
-  # Enable version updates for npm
-  - package-ecosystem: "npm"
-    # Look for `package.json` and `lock` files in the `root` directory
-    directory: "/"
-    # Check the npm registry for updates every day (weekdays)
-    schedule:
-      interval: "daily"
-
-  # Enable version updates for Docker
-  - package-ecosystem: "docker"
-    # Look for a `Dockerfile` in the `root` directory
-    directory: "/"
-    # Check for updates once a week
-    schedule:
-      interval: "weekly"
-```
-
-In the example above, if the Docker dependencies were very outdated, you might want to start with a `daily` schedule until the dependencies are up-to-date, and then drop back to a weekly schedule.
-
-### Enabling version updates on forks
-
-If you want to enable version updates on forks, there's an extra step. Version updates are not automatically enabled on forks when a *dependabot.yml* configuration file is present. This ensures that fork owners don't unintentionally enable version updates when they pull changes including a *dependabot.yml* configuration file from the original repository. 
-
-On a fork, you also need to explicitly enable {% data variables.product.prodname_dependabot %}.
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.accessing-repository-graphs %}
-{% data reusables.repositories.click-dependency-graph %}
-{% data reusables.dependabot.click-dependabot-tab %}
-5. Under "Enable Dependabot", click **Enable Dependabot**.
-
-## Checking the status of version updates
-
-After you enable version updates, the **Dependabot** tab in the dependency graph for the repository is populated. This tab shows which package managers {% data variables.product.prodname_dependabot %} is configured to monitor and when {% data variables.product.prodname_dependabot %} last checked for new versions.
-
-![Repository Insights tab, Dependency graph, Dependabot tab](/assets/images/help/dependabot/dependabot-tab-view.png)
-
-For information, see "[Listing dependencies configured for version updates](/github/administering-a-repository/listing-dependencies-configured-for-version-updates)."
-
-## Disabling {% data variables.product.prodname_dependabot_version_updates %}
-
-You can disable version updates entirely by deleting the *dependabot.yml* file from your repository. More usually, you want to disable updates temporarily for one or more dependencies, or package managers.
-
-- Package managers: disable by setting `open-pull-requests-limit: 0` or by commenting out the relevant `package-ecosystem` in the configuration file.
-- Specific dependencies: disable by adding `ignore` attributes for packages or applications that you want to exclude from updates.
-
-When you disable dependencies, you can use wild cards to match a set of related libraries. You can also specify which versions to exclude. This is particularly useful if you need to block updates to a library, pending work to support a breaking change to its API, but want to get any security fixes to the version you use.
-
-### Example disabling version updates for some dependencies
-
-The example *dependabot.yml* file below includes examples of the different ways to disable updates to some dependencies, while allowing other updates to continue.
-
-```yaml
-# dependabot.yml file with updates
-# disabled for Docker and limited for npm
-
-version: 2
-updates:
-  # Configuration for Dockerfile
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-      # Disable all pull requests for Docker dependencies
-    open-pull-requests-limit: 0
-
-  # Configuration for npm
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    ignore:
-      # Ignore updates to packages that start with 'aws'
-      # Wildcards match zero or more arbitrary characters
-      - dependency-name: "aws*"
-      # Ignore some updates to the 'express' package
-      - dependency-name: "express"
-        # Ignore only new versions for 4.x and 5.x
-        versions: ["4.x", "5.x"]
-      # For all packages, ignore all patch updates
-      - dependency-name: "*"
-        update-types: ["version-update:semver-patch"]
-```
-
-For more information about checking for existing ignore preferences, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md
deleted file mode 100644
index e01e8e11160b..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Keeping your dependencies updated automatically
-intro: '{% data variables.product.prodname_dependabot %} can maintain your repository''s dependencies automatically.'
-redirect_from:
-  - /github/administering-a-repository/keeping-your-dependencies-updated-automatically
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-topics:
-  - Repositories
-  - Dependabot
-  - Version updates
-  - Dependencies
-  - Pull requests
-children:
-  - /about-dependabot-version-updates
-  - /enabling-and-disabling-dependabot-version-updates
-  - /listing-dependencies-configured-for-version-updates
-  - /managing-pull-requests-for-dependency-updates
-  - /automating-dependabot-with-github-actions
-  - /managing-encrypted-secrets-for-dependabot
-  - /customizing-dependency-updates
-  - /configuration-options-for-dependency-updates
-  - /keeping-your-actions-up-to-date-with-dependabot
-shortTitle: Auto-update dependencies
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md
deleted file mode 100644
index 7261cc6b3be2..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Keeping your actions up to date with Dependabot
-intro: 'You can use {% data variables.product.prodname_dependabot %} to keep the actions you use updated to the latest versions.'
-redirect_from:
-  - /github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot
-  - /github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot
-  - /code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Repositories
-  - Dependabot
-  - Version updates
-  - Actions
-shortTitle: Auto-update actions
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot_version_updates %} for actions
-
-Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's *workflow.yml* file are kept up to date. For each action in the file, {% data variables.product.prodname_dependabot %} checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, {% data variables.product.prodname_dependabot %} will send you a pull request that updates the reference in the workflow file to the latest version. For more information about {% data variables.product.prodname_dependabot_version_updates %}, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)." For more information about configuring workflows for {% data variables.product.prodname_actions %}, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
-  
-{% data reusables.actions.workflow-runs-dependabot-note %}
-
-## Enabling {% data variables.product.prodname_dependabot_version_updates %} for actions
-
-{% data reusables.dependabot.create-dependabot-yml %} If you have already enabled {% data variables.product.prodname_dependabot_version_updates %} for other ecosystems or package managers, simply open the existing *dependabot.yml* file.
-1. Specify `"github-actions"` as a `package-ecosystem` to monitor.
-1. Set the `directory` to `"/"` to check for workflow files in `.github/workflows`.
-1. Set a `schedule.interval` to specify how often to check for new versions.
-{% data reusables.dependabot.check-in-dependabot-yml %} If you have edited an existing file, save your changes.
-
-You can also enable {% data variables.product.prodname_dependabot_version_updates %} on forks. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks)."
-
-### Example *dependabot.yml* file for {% data variables.product.prodname_actions %}
-
-The example *dependabot.yml* file below configures version updates for {% data variables.product.prodname_actions %}. The `directory` must be set to `"/"` to check for workflow files in `.github/workflows`. The `schedule.interval` is set to `"daily"`. After this file has been checked in or updated, {% data variables.product.prodname_dependabot %} checks for new versions of your actions. {% data variables.product.prodname_dependabot %} will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, {% data variables.product.prodname_dependabot %} will continue to check for outdated versions of actions once a day.
-
-```yaml
-# Set update schedule for GitHub Actions
-
-version: 2
-updates:
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      # Check for updates to GitHub Actions every weekday
-      interval: "daily"
-```
-
-## Configuring {% data variables.product.prodname_dependabot_version_updates %} for actions
-
-When enabling {% data variables.product.prodname_dependabot_version_updates %} for actions, you must specify values for `package-ecosystem`, `directory`, and `schedule.interval`. There are many more optional properties that you can set to further customize your version updates. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates)."
-
-## Further reading
-
-- "[About GitHub Actions](/actions/getting-started-with-github-actions/about-github-actions)"
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md
deleted file mode 100644
index 4a0585c911fe..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Listing dependencies configured for version updates
-intro: 'You can view the dependencies that {% data variables.product.prodname_dependabot %} monitors for updates.'
-redirect_from:
-  - /github/administering-a-repository/listing-dependencies-configured-for-version-updates
-  - /code-security/supply-chain-security/listing-dependencies-configured-for-version-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Repositories
-  - Dependabot
-  - Version updates
-  - Dependencies
-shortTitle: List configured dependencies
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## Viewing dependencies monitored by {% data variables.product.prodname_dependabot %}
-
-After you've enabled version updates, you can confirm that your configuration is correct using the **{% data variables.product.prodname_dependabot %}** tab in the dependency graph for the repository. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.accessing-repository-graphs %}
-{% data reusables.repositories.click-dependency-graph %}
-{% data reusables.dependabot.click-dependabot-tab %}
-1. Optionally, to view the files monitored for a package manager, click the associated {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
-  ![Monitored dependency files](/assets/images/help/dependabot/monitored-dependency-files.png)
-
-If any dependencies are missing, check the log files for errors. If any package managers are missing, review the configuration file.
-
-## Viewing {% data variables.product.prodname_dependabot %} log files
-
-1. On the **{% data variables.product.prodname_dependabot %}** tab, click **Last checked *TIME* ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates.
-  ![View log file](/assets/images/help/dependabot/last-checked-link.png)
-2. Optionally, to rerun the version check, click **Check for updates**.
-  ![Check for updates](/assets/images/help/dependabot/check-for-updates.png)
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md
deleted file mode 100644
index 2227c4590041..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md
+++ /dev/null
@@ -1,91 +0,0 @@
----
-title: Managing encrypted secrets for Dependabot
-intro: 'You can store sensitive information, like passwords and access tokens, as encrypted secrets and then reference these in the {% data variables.product.prodname_dependabot %} configuration file.'
-redirect_from:
-  - /github/administering-a-repository/managing-encrypted-secrets-for-dependabot
-  - /code-security/supply-chain-security/managing-encrypted-secrets-for-dependabot
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Dependabot
-  - Version updates
-  - Secret store
-  - Repositories
-  - Dependencies
-shortTitle: Manage encrypted secrets
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-
-## About encrypted secrets for {% data variables.product.prodname_dependabot %}
-
-{% data variables.product.prodname_dependabot %} secrets are encrypted credentials that you create at either the organization level or the repository level.
-When you add a secret at the organization level, you can specify which repositories can access the secret. You can use secrets to allow {% data variables.product.prodname_dependabot %} to update dependencies located in private package registries. When you add a secret it's encrypted before it reaches {% data variables.product.prodname_dotcom %} and it remains encrypted until it's used by {% data variables.product.prodname_dependabot %} to access a private package registry.
-
-After you add a {% data variables.product.prodname_dependabot %} secret, you can reference it in the _dependabot.yml_ configuration file like this: {% raw %}`${{secrets.NAME}}`{% endraw %}, where "NAME" is the name you chose for the secret. For example: 
-
-{% raw %}
-```yaml
-password: ${{secrets.MY_ARTIFACTORY_PASSWORD}}
-```
-{% endraw %}
-
-For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)."
-
-### Naming your secrets
-
-The name of a {% data variables.product.prodname_dependabot %} secret:
-* Can only contain alphanumeric characters (`[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed. If you enter lowercase letters these are changed to uppercase.
-* Must not start with the `GITHUB_` prefix.
-* Must not start with a number.
-
-## Adding a repository secret for {% data variables.product.prodname_dependabot %}
-
-{% data reusables.actions.permissions-statement-secrets-repository %}
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.actions.sidebar-secret %}
-{% data reusables.dependabot.dependabot-secrets-button %}
-1. Click **New repository secret**.
-1. Type a name for your secret in the **Name** input box.
-1. Enter the value for your secret.
-1. Click **Add secret**.
-
-   The name of the secret is listed on the Dependabot secrets page. You can click **Update** to change the secret value. You can click **Remove** to delete the secret.
-
-   ![Update or remove a repository secret](/assets/images/help/dependabot/update-remove-repo-secret.png)
-
-## Adding an organization secret for {% data variables.product.prodname_dependabot %}
-
-When creating a secret in an organization, you can use a policy to limit which repositories can access that secret. For example, you can grant access to all repositories, or limit access to only private repositories or a specified list of repositories.
-
-{% data reusables.actions.permissions-statement-secrets-organization %}
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.actions.sidebar-secret %}
-{% data reusables.dependabot.dependabot-secrets-button %}
-1. Click **New organization secret**.
-1. Type a name for your secret in the **Name** input box.
-1. Enter the **Value** for your secret.
-1. From the **Repository access** dropdown list, choose an access policy.
-1. If you chose **Selected repositories**:
-
-   * Click {% octicon "gear" aria-label="The Gear icon" %}.
-   * Choose the repositories that can access this secret. 
-     ![Select repositories for this secret](/assets/images/help/dependabot/secret-repository-access.png)
-   * Click **Update selection**.
-
-1. Click **Add secret**.
-
-   The name of the secret is listed on the Dependabot secrets page. You can click **Update** to change the secret value or its access policy. You can click **Remove** to delete the secret.
-
-   ![Update or remove an organization secret](/assets/images/help/dependabot/update-remove-org-secret.png)
-   
-## Adding {% data variables.product.prodname_dependabot %} to your registries IP allow list
-
-If your private registry is configured with an IP allow list, you can find the IP addresses {% data variables.product.prodname_dependabot %} uses to access the registry in the meta API endpoint, under the `dependabot` key. For more information, see "[Meta](/rest/reference/meta)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md b/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md
deleted file mode 100644
index 99176596b7a1..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Managing pull requests for dependency updates
-intro: 'You manage pull requests raised by {% data variables.product.prodname_dependabot %} in much the same way as other pull requests, but there are some extra options.'
-redirect_from:
-  - /github/administering-a-repository/managing-pull-requests-for-dependency-updates
-  - /code-security/supply-chain-security/managing-pull-requests-for-dependency-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '> 3.2'
-type: how_to
-topics:
-  - Repositories
-  - Version updates
-  - Security updates
-  - Pull requests
-  - Dependencies
-  - Vulnerabilities
-shortTitle: Manage Dependabot PRs
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot %} pull requests
-
-{% data reusables.dependabot.pull-request-introduction %}
-
-When {% data variables.product.prodname_dependabot %} raises a pull request, you're notified by your chosen method for the repository. Each pull request contains detailed information about the proposed change, taken from the package manager. These pull requests follow the normal checks and tests defined in your repository. 
-{% ifversion fpt or ghec %}In addition, where enough information is available, you'll see a compatibility score. This may also help you decide whether or not to merge the change. For information about this score, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."{% endif %}
-
-If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. For more information, see "[Customizing dependency updates](/github/administering-a-repository/customizing-dependency-updates)."
-
-## Viewing {% data variables.product.prodname_dependabot %} pull requests
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-pr %}
-1. Any pull requests for security or version updates are easy to identify.
-    - The author is {% ifversion fpt or ghec %}[dependabot](https://github.com/dependabot){% else %}dependabot{% endif %}, the bot account used by {% data variables.product.prodname_dependabot %}.
-    - By default, they have the `dependencies` label.
-
-## Changing the rebase strategy for {% data variables.product.prodname_dependabot %} pull requests
-
-By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#rebase-strategy)."
-
-## Managing {% data variables.product.prodname_dependabot %} pull requests with comment commands
-
-{% data variables.product.prodname_dependabot %} responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request (for example: to merge, squash, reopen, close, or rebase the pull request) under the "{% data variables.product.prodname_dependabot %} commands and options" section. The aim is to make it as easy as possible for you to triage these automatically generated pull requests.
-
-You can use any of the following commands on a {% data variables.product.prodname_dependabot %} pull request.
-
-- `@dependabot cancel merge` cancels a previously requested merge.
-- `@dependabot close` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from recreating that pull request. You can achieve the same result by closing the pull request manually.
-- `@dependabot ignore this dependency` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this dependency (unless you reopen the pull request or upgrade to the suggested version of the dependency yourself).
-- `@dependabot ignore this major version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this major version (unless you reopen the pull request or upgrade to this major version yourself).
-- `@dependabot ignore this minor version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from creating any more pull requests for this minor version (unless you reopen the pull request or upgrade to this minor version yourself).
-- `@dependabot merge` merges the pull request once your CI tests have passed.
-- `@dependabot rebase` rebases the pull request.
-- `@dependabot recreate` recreates the pull request, overwriting any edits that have been made to the pull request.
-- `@dependabot reopen` reopens the pull request if the pull request is closed.
-- `@dependabot squash and merge` squashes and merges the pull request once your CI tests have passed.
-
-{% data variables.product.prodname_dependabot %} will react with a "thumbs up" emoji to acknowledge the command, and may respond with a comment on the pull request. While {% data variables.product.prodname_dependabot %} usually responds quickly, some commands may take several minutes to complete if {% data variables.product.prodname_dependabot %} is busy processing other updates or commands.
-
-If you run any of the commands for ignoring dependencies or versions, {% data variables.product.prodname_dependabot %} stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#ignore)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md
deleted file mode 100644
index 52b0aa9c647d..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md
+++ /dev/null
@@ -1,99 +0,0 @@
----
-title: About alerts for vulnerable dependencies
-intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect vulnerabilities affecting your repository.'
-redirect_from:
-  - /articles/about-security-alerts-for-vulnerable-dependencies
-  - /github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies
-  - /github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies
-  - /code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghae: issue-4864
-  ghec: '*'
-type: overview
-topics:
-  - Dependabot
-  - Alerts
-  - Vulnerabilities
-  - Repositories
-  - Dependencies
-shortTitle: Dependabot alerts
----
-<!--Marketing-LINK: From /features/security/software-supply-chain page "About alerts for vulnerable dependencies ".-->
-
-## About vulnerable dependencies
-
-{% data reusables.repositories.a-vulnerability-is %}
-
-When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.
-
-## Detection of vulnerable dependencies
-
-{% data reusables.dependabot.dependabot-alerts-beta %}
-
-{% data variables.product.prodname_dependabot %} performs a scan to detect vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %} when:
-
-{% ifversion fpt or ghec %}
-- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database)" and "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)."{% else %}
-- New advisory data is synchronized to {% data variables.product.product_location %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
-  {% note %}
-
-  **Note:** Only advisories that have been reviewed by {% data variables.product.company_short %} will trigger {% data variables.product.prodname_dependabot_alerts %}.
-
-  {% endnote %}
-- The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% ifversion fpt or ghec %}, or when the code of one of the dependencies changes{% endif %}. For more information, see "[About the dependency graph](/code-security/supply-chain-security/about-the-dependency-graph)."
-
-{% data reusables.repositories.dependency-review %}
-
-For a list of the ecosystems that {% data variables.product.product_name %} can detect vulnerabilities and dependencies for, see "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
-
-{% note %}
-
-**Note:** It is important to keep your manifest and lock files up to date. If the dependency graph doesn't accurately reflect your current dependencies and versions, then you could miss alerts for vulnerable dependencies that you use. You may also get alerts for dependencies that you no longer use.
-
-{% endnote %}
-
-##  {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies
-
-{% data reusables.repositories.enable-security-alerts %}
-
-{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detects vulnerable dependencies in _public_ repositories and displays the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %} for public repositories. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
-
-You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
-
-For information about access requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#access-requirements-for-security-features)."
-
-{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any vulnerable dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)."
-{% endif %}
-
-When {% data variables.product.product_name %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)."
-
-{% ifversion fpt or ghec or ghes > 3.2 %}
-For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
-{% endif %}
-
-{% warning %}
-
-**Note**: {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. Though we are always trying to update our vulnerability database and generate alerts with our most up-to-date information, we will not be able to catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough vulnerability review when necessary.
-
-{% endwarning %}
-
-## Access to  {% data variables.product.prodname_dependabot_alerts %}
-
-You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's Security tab or{% endif %} in the repository's dependency graph. For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."
-
-By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
-{% endif %}
-
-{% data reusables.notifications.vulnerable-dependency-notification-enable %}
-{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %} For more information, see "[Configuring notifications for vulnerable dependencies](/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies)."
-
-You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular vulnerability in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
-
-{% ifversion fpt or ghec or ghes > 3.2 %}
-## Further reading
-
-- "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"
-- "[Viewing and updating vulnerable dependencies in your repository](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% endif %}
-{% ifversion fpt or ghec %}- "[Privacy on {% data variables.product.prodname_dotcom %}](/get-started/privacy-on-github)"{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md
deleted file mode 100644
index b283a4b5e09c..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-title: About Dependabot security updates
-intro: '{% data variables.product.prodname_dependabot %} can fix vulnerable dependencies for you by raising pull requests with security updates.'
-shortTitle: Dependabot security updates
-redirect_from:
-  - /github/managing-security-vulnerabilities/about-github-dependabot-security-updates
-  - /github/managing-security-vulnerabilities/about-dependabot-security-updates
-  - /code-security/supply-chain-security/about-dependabot-security-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '> 3.2'
-type: overview
-topics:
-  - Dependabot
-  - Security updates
-  - Vulnerabilities
-  - Repositories
-  - Dependencies
-  - Pull requests
----
-
-<!--Marketing-LINK: From /features/security/software-supply-chain page "About Dependabot security updates".-->
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot_security_updates %}
-
-{% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. If you enable this feature, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)."
-
-{% data variables.product.prodname_dotcom %} may send  {% data variables.product.prodname_dependabot_alerts %} to repositories affected by a vulnerability disclosed by a recently published {% data variables.product.prodname_dotcom %} security advisory. {% data reusables.security-advisory.link-browsing-advisory-db %}
-
-{% data variables.product.prodname_dependabot %} checks whether it's possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository. Then {% data variables.product.prodname_dependabot %} raises a pull request to update the dependency to the minimum version that includes the patch and links the pull request to the {% data variables.product.prodname_dependabot %} alert, or reports an error on the alert. For more information, see "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)."
-
-{% note %}
-
-**Note**
-
-The {% data variables.product.prodname_dependabot_security_updates %} feature is available for repositories where you have enabled the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. You will see a {% data variables.product.prodname_dependabot %} alert for every vulnerable dependency identified in your full dependency graph. However, security updates are triggered only for dependencies that are specified in a manifest or lock file. {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency that is not explicitly defined. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#dependencies-included)."
-
-{% endnote %}
-
-You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[About {% data variables.product.prodname_dependabot %} version updates](/github/administering-a-repository/about-dependabot-version-updates)."
-
-{% data reusables.dependabot.pull-request-security-vs-version-updates %}
-
-## About pull requests for security updates
-
-Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository.
-
-When you merge a pull request that contains a security update, the corresponding {% data variables.product.prodname_dependabot %} alert is marked as resolved for your repository. For more information about {% data variables.product.prodname_dependabot %} pull requests, see "[Managing pull requests for dependency updates](/github/administering-a-repository/managing-pull-requests-for-dependency-updates)."
-
-{% data reusables.dependabot.automated-tests-note %}
-
-{% ifversion fpt or ghec %}
-
-## About compatibility scores
-
-{% data variables.product.prodname_dependabot_security_updates %} may include compatibility scores to let you know whether updating a dependency could cause breaking changes to your project. These are calculated from CI tests in other public repositories where the same security update has been generated. An update's compatibility score is the percentage of CI runs that passed when updating between specific versions of the dependency.
-
-{% endif %}
-
-## About notifications for {% data variables.product.prodname_dependabot %} security updates
-
-You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} security updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md
deleted file mode 100644
index ee0c826d039e..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: About managing vulnerable dependencies
-intro: '{% data variables.product.product_name %} helps you to avoid using third-party software that contains known vulnerabilities.'
-redirect_from:
-  - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies
-  - /code-security/supply-chain-security/about-managing-vulnerable-dependencies
-versions:
-  fpt: '*'
-  ghes: '>=3.2'
-  ghae: issue-4864
-  ghec: '*'
-type: overview
-topics:
-  - Dependabot
-  - Dependency graph
-  - Dependency review
-  - Vulnerabilities
-  - Repositories
-  - Dependencies
-  - Pull requests
-shortTitle: Vulnerable dependencies
----
-<!--Marketing-LINK: From /features/security/software-supply-chain page "Managing vulnerabilities in your project’s dependencies ".-->
-
-{% data variables.product.product_name %} provides the following tools for removing and avoiding vulnerable dependencies.
-
-## Dependency graph
-The dependency graph is a summary of the manifest and lock files stored in a repository. It shows you the ecosystems and packages your codebase depends on (its dependencies) and the repositories and packages that depend on your project (its dependents). The information in the dependency graph is used by dependency review and {% data variables.product.prodname_dependabot %}.
-For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
-
-## Dependency review
-
-{% data reusables.dependency-review.beta %}
-
-By checking the dependency reviews on pull requests you can avoid introducing vulnerabilities from dependencies into your codebase. If the pull requests adds a vulnerable dependency, or changes a dependency to a vulnerable version, this is highlighted in the dependency review. You can change the dependency to a patched version before merging the pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
-
-## {% data variables.product.prodname_dependabot_alerts %}
-{% data variables.product.product_name %} can create {% data variables.product.prodname_dependabot_alerts %} when it detects vulnerable dependencies in your repository. The alert is displayed on the Security tab for the repository. The alert includes a link to the affected file in the project, and information about a fixed version. {% data variables.product.product_name %} also notifies the maintainers of the repository, according to their notification preferences. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
-
-{% ifversion fpt or ghec or ghes > 3.2 %}
-## {% data variables.product.prodname_dependabot_security_updates %}
-When {% data variables.product.product_name %} generates a {% data variables.product.prodname_dependabot %} alert for a vulnerable dependency in your repository, {% data variables.product.prodname_dependabot %} can automatically try to fix it for you. {% data variables.product.prodname_dependabot_security_updates %} are automatically generated pull requests that update a vulnerable dependency to a fixed version. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
-
-## {% data variables.product.prodname_dependabot_version_updates %}
-Enabling {% data variables.product.prodname_dependabot_version_updates %} takes the effort out of maintaining your dependencies. With {% data variables.product.prodname_dependabot_version_updates %}, whenever {% data variables.product.prodname_dotcom  %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. By contrast, {% data variables.product.prodname_dependabot_security_updates %} only raises pull requests to fix vulnerable dependencies. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates)."
-{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md
deleted file mode 100644
index 4b5d03893f05..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
-title: Configuring Dependabot security updates
-intro: 'You can use {% data variables.product.prodname_dependabot_security_updates %} or manual pull requests to easily update vulnerable dependencies.'
-shortTitle: Configure security updates
-redirect_from:
-  - /articles/configuring-automated-security-fixes
-  - /github/managing-security-vulnerabilities/configuring-automated-security-fixes
-  - /github/managing-security-vulnerabilities/configuring-automated-security-updates
-  - /github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates
-  - /github/managing-security-vulnerabilities/configuring-dependabot-security-updates
-  - /code-security/supply-chain-security/configuring-dependabot-security-updates
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Dependabot
-  - Security updates
-  - Alerts
-  - Dependencies
-  - Pull requests
-  - Repositories
----
-<!--Marketing-LINK: From home page "Learn more about Dependabot".-->
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About configuring {% data variables.product.prodname_dependabot_security_updates %}
-
-You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
-
-You can disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository or for all repositories owned by your user account or organization. For more information, see "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)" below.
-
-{% ifversion fpt or ghec %}{% data reusables.dependabot.dependabot-tos %}{% endif %}
-
-## Supported repositories
-
-{% data variables.product.prodname_dotcom %} automatically enables {% data variables.product.prodname_dependabot_security_updates %} for every repository that meets these prerequisites.
-
-{% note %}
-
-**Note**: You can manually enable {% data variables.product.prodname_dependabot_security_updates %}, even if the repository doesn't meet some of the prerequisites below. For example, you can enable {% data variables.product.prodname_dependabot_security_updates %} on a fork, or for a package manager that isn't directly supported by following the instructions in "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories](#managing-dependabot-security-updates-for-your-repositories)."
-
-{% endnote %}
-
-| Automatic enablement prerequisite | More information |
-| ----------------- | ----------------------- |
-| Repository is not a fork | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" |
-| Repository is not archived | "[Archiving repositories](/github/creating-cloning-and-archiving-repositories/archiving-repositories)" |{% ifversion fpt or ghec %}
-| Repository is public, or repository is private and you have enabled read-only analysis by {% data variables.product.prodname_dotcom %}, dependency graph, and vulnerability alerts in the repository's settings | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)." |{% endif %}
-| Repository contains dependency manifest file from a package ecosystem that {% data variables.product.prodname_dotcom %} supports | "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)" |
-| {% data variables.product.prodname_dependabot_security_updates %} are not disabled for the repository | "[Managing {% data variables.product.prodname_dependabot_security_updates %} for your repository](#managing-dependabot-security-updates-for-your-repositories)" |
-
-If security updates are not enabled for your repository and you don't know why, first try enabling them using the instructions given in the procedural sections below. If security updates are still not working, you can contact {% data variables.contact.contact_support %}.
-
-## Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories
-
-You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository (see below).
-
-You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
-
-{% data variables.product.prodname_dependabot_security_updates %} require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)."
-
-### Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
-1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
-  {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %}
-
-
-## Further reading
-
-- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec %}
-- "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"{% endif %}
-- "[Supported package ecosystems](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)"
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md
deleted file mode 100644
index 69351ec479f8..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Administrar vulnerabilidades en las dependencias de tus proyectos
-intro: 'Puedes rastrear las dependencias de tu repositorio y recibir {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte dependencias vulnerables.'
-redirect_from:
-  - /articles/updating-your-project-s-dependencies
-  - /articles/updating-your-projects-dependencies
-  - /articles/managing-security-vulnerabilities-in-your-projects-dependencies
-  - /articles/managing-vulnerabilities-in-your-projects-dependencies
-  - /github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghae: issue-4864
-  ghec: '*'
-topics:
-  - Repositories
-  - Dependabot
-  - Version updates
-  - Dependencies
-  - Pull requests
-  - Vulnerabilities
-  - Alerts
-children:
-  - /about-managing-vulnerable-dependencies
-  - /browsing-security-vulnerabilities-in-the-github-advisory-database
-  - /editing-security-advisories-in-the-github-advisory-database
-  - /about-alerts-for-vulnerable-dependencies
-  - /configuring-notifications-for-vulnerable-dependencies
-  - /about-dependabot-security-updates
-  - /configuring-dependabot-security-updates
-  - /viewing-and-updating-vulnerable-dependencies-in-your-repository
-  - /troubleshooting-the-detection-of-vulnerable-dependencies
-  - /troubleshooting-dependabot-errors
-shortTitle: Arreglar dependencias vulnerables
----
-
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md
deleted file mode 100644
index f0e5dc57aa97..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-title: Troubleshooting Dependabot errors
-intro: 'Sometimes {% data variables.product.prodname_dependabot %} is unable to raise a pull request to update your dependencies. You can review the error and unblock {% data variables.product.prodname_dependabot %}.'
-shortTitle: Troubleshoot errors
-redirect_from:
-  - /github/managing-security-vulnerabilities/troubleshooting-github-dependabot-errors
-  - /github/managing-security-vulnerabilities/troubleshooting-dependabot-errors
-  - /code-security/supply-chain-security/troubleshooting-dependabot-errors
-versions:
-  fpt: '*'
-  ghec: '*'
-  ghes: '>3.2'
-type: how_to
-topics:
-  - Dependabot
-  - Security updates
-  - Version updates
-  - Repositories
-  - Pull requests
-  - Troubleshooting
-  - Errors
-  - Dependencies
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-## About {% data variables.product.prodname_dependabot %} errors
-
-{% data reusables.dependabot.pull-request-introduction %}
-
-If anything prevents {% data variables.product.prodname_dependabot %} from raising a pull request, this is reported as an error.
-
-## Investigating errors with {% data variables.product.prodname_dependabot_security_updates %}
-
-When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **Security** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request.
-
-![{% data variables.product.prodname_dependabot_alerts %} view showing a pull request link](/assets/images/help/dependabot/dependabot-alert-pr-link.png)
-
-There are three reasons why an alert may have no pull request link:
-
-1. {% data variables.product.prodname_dependabot_security_updates %} are not enabled for the repository.
-1. The alert is for an indirect or transitive dependency that is not explicitly defined in a lock file.
-1. An error blocked {% data variables.product.prodname_dependabot %} from creating a pull request.
-
-If an error blocked {% data variables.product.prodname_dependabot %} from creating a pull request, you can display details of the error by clicking the alert.
-
-## Investigating errors with {% data variables.product.prodname_dependabot_version_updates %}
-
-When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to update a dependency in an ecosystem, it posts the error icon on the manifest file. The manifest files that are managed by {% data variables.product.prodname_dependabot %} are listed on the {% data variables.product.prodname_dependabot %} tab. To access this tab, on the **Insights** tab for the repository click **Dependency graph**, and then click the **{% data variables.product.prodname_dependabot %}** tab.
-
-![{% data variables.product.prodname_dependabot %} view showing an error](/assets/images/help/dependabot/dependabot-tab-view-error.png)
-
-{% ifversion fpt or ghec %}
-
-To see the log file for any manifest file, click the **Last checked TIME ago** link. When you display the log file for a manifest that's shown with an error symbol (for example, Maven in the screenshot above), any errors are also displayed.
-
-![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/help/dependabot/dependabot-version-update-error.png)
-
-{% else %}
-
-To see the logs for any manifest file, click the **Last checked TIME ago** link, and then click **View logs**.
-
-![{% data variables.product.prodname_dependabot %} version update error and log ](/assets/images/enterprise/3.3/dependabot/dependabot-version-update-error.png)
-
-{% endif %}
-
-## Understanding {% data variables.product.prodname_dependabot %} errors
-
-Pull requests for security updates act to upgrade a vulnerable dependency to the minimum version that includes a fix for the vulnerability. In contrast, pull requests for version updates act to upgrade a dependency to the latest version allowed by the package manifest and {% data variables.product.prodname_dependabot %} configuration files. Consequently, some errors are specific to one type of update.
-
-### {% data variables.product.prodname_dependabot %} cannot update DEPENDENCY to a non-vulnerable version
-
-**Security updates only.** {% data variables.product.prodname_dependabot %} cannot create a pull request to update the vulnerable dependency to a secure version without breaking other dependencies in the dependency graph for this repository.
-
-Every application that has dependencies has a dependency graph, that is, a directed acyclic graph of every package version that the application directly or indirectly depends on. Every time a dependency is updated, this graph must resolve otherwise the application won't build. When an ecosystem has a deep and complex dependency graph, for example, npm and RubyGems, it is often impossible to upgrade a single dependency without upgrading the whole ecosystem.
-
-The best way to avoid this problem is to stay up to date with the most recently released versions, for example, by enabling version updates. This increases the likelihood that a vulnerability in one dependency can be resolved by a simple upgrade that doesn't break the dependency graph. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
-
-### {% data variables.product.prodname_dependabot %} cannot update to the required version as there is already an open pull request for the latest version
-
-**Security updates only.** {% data variables.product.prodname_dependabot %} will not create a pull request to update the vulnerable dependency to a secure version because there is already an open pull request to update this dependency. You will see this error when a vulnerability is detected in a single dependency and there's already an open pull request to update the dependency to the latest version.
-
-There are two options: you can review the open pull request and merge it as soon as you are confident that the change is safe, or close that pull request and trigger a new security update pull request. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)."
-
-### {% data variables.product.prodname_dependabot %} timed out during its update
-
-{% data variables.product.prodname_dependabot %} took longer than the maximum time allowed to assess the update required and prepare a pull request. This error is usually seen only for large repositories with many manifest files, for example, npm or yarn monorepo projects with hundreds of *package.json* files. Updates to the Composer ecosystem also take longer to assess and may time out.
-
-This error is difficult to address. If a version update times out, you could specify the most important dependencies to update using the `allow` parameter or, alternatively, use the `ignore` parameter to exclude some dependencies from updates. Updating your configuration might allow {% data variables.product.prodname_dependabot %} to review the version update and generate the pull request in the time available.
-
-If a security update times out, you can reduce the chances of this happening by keeping the dependencies updated, for example, by enabling version updates. For more information, see "[Enabling and disabling {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
-
-### {% data variables.product.prodname_dependabot %} cannot open any more pull requests
-
-There's a limit on the number of open pull requests {% data variables.product.prodname_dependabot %} will generate. When this limit is reached, no new pull requests are opened and this error is reported. The best way to resolve this error is to review and merge some of the open pull requests.
-
-There are separate limits for security and version update pull requests, so that open version update pull requests cannot block the creation of a security update pull request. The limit for security update pull requests is 10. By default, the limit for version updates is 5 but you can change this using the `open-pull-requests-limit` parameter in the configuration file. For more information, see "[Configuration options for dependency updates](/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit)."
-
-The best way to resolve this error is to merge or close some of the existing pull requests and trigger a new pull request manually. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)."
-
-### {% data variables.product.prodname_dependabot %} can't resolve or access your dependencies
-
-If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, the operation will fail with the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files." The API error type is `git_dependencies_not_reachable`.
-
-Similarly, if {% data variables.product.prodname_dependabot %} can't access a private package registry in which a dependency is located, one of the following errors is generated:
-
-*	"Dependabot can't reach a dependency in a private package registry"<br>
-   (API error type: `private_source_not_reachable`)
-*	"Dependabot can't authenticate to a private package registry"<br>
-   (API error type:`private_source_authentication_failure`)
-*	"Dependabot timed out while waiting for a private package registry"<br>
-   (API error type:`private_source_timed_out`)
-*	"Dependabot couldn't validate the certificate for a private package registry"<br>
-   (API error type:`private_source_certificate_failure`)
-
-To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations. 
-
-**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
-
-## Triggering a {% data variables.product.prodname_dependabot %} pull request manually
-
-If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request.
-
-- **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**.
-- **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked *TIME* ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**.
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md
deleted file mode 100644
index 4a967cf2fb29..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md
+++ /dev/null
@@ -1,124 +0,0 @@
----
-title: Troubleshooting the detection of vulnerable dependencies
-intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.'
-shortTitle: Troubleshoot detection
-redirect_from:
-  - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies
-  - /code-security/supply-chain-security/troubleshooting-the-detection-of-vulnerable-dependencies
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghae: issue-4864
-  ghec: '*'
-type: how_to
-topics:
-  - Dependabot
-  - Alerts
-  - Troubleshooting
-  - Errors
-  - Security updates
-  - Dependencies
-  - Vulnerabilities
-  - Dependency graph
-  - Alerts
-  - CVEs
-  - Repositories
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-
-The results of dependency detection reported by {% data variables.product.product_name %} may be different from the results returned by other tools. There are good reasons for this and it's helpful to understand how {% data variables.product.prodname_dotcom %} determines dependencies for your project.
-
-## Why do some dependencies seem to be missing?
-
-{% data variables.product.prodname_dotcom %} generates and displays dependency data differently than other tools. Consequently, if you've been using another tool to identify dependencies you will almost certainly see different results. Consider the following:
-
-*   {% data variables.product.prodname_advisory_database %} is one of the data sources that {% data variables.product.prodname_dotcom %} uses to identify vulnerable dependencies. It's a free, curated database of vulnerability information for common package ecosystems on {% data variables.product.prodname_dotcom %}. It includes both data reported directly to {% data variables.product.prodname_dotcom %} from {% data variables.product.prodname_security_advisories %}, as well as official feeds and community sources. This data is reviewed and curated by {% data variables.product.prodname_dotcom %} to ensure that false or unactionable information is not shared with the development community. {% data reusables.security-advisory.link-browsing-advisory-db %}
-*   The dependency graph parses all known package manifest files in a user’s repository. For example, for npm it will parse the _package-lock.json_ file. It constructs a graph of all of the repository’s dependencies and public dependents. This happens when you enable the dependency graph and when anyone pushes to the default branch, and it includes commits that makes changes to a supported manifest format. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
-*   {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
-*   {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)."
-  
-    {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)."
-
-## Why don't I get vulnerability alerts for some ecosystems?
-
-{% data variables.product.prodname_dotcom %} limits its support for vulnerability alerts to a set of ecosystems where we can provide high-quality, actionable data. Curated vulnerabilities in the {% data variables.product.prodname_advisory_database %}, the dependency graph, {% ifversion fpt or ghec %}{% data variables.product.prodname_dependabot %} security updates, {% endif %}and  {% data variables.product.prodname_dependabot_alerts %} are provided for several ecosystems, including Java’s Maven, JavaScript’s npm and Yarn, .NET’s NuGet, Python’s pip, Ruby's RubyGems, and PHP’s Composer. We'll continue to add support for more ecosystems over time. For an overview of the package ecosystems that we support, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
-
-It's worth noting that {% data variables.product.prodname_dotcom %} Security Advisories may exist for other ecosystems. The information in a security advisory is provided by the maintainers of a particular repository. This data is not curated in the same way as information for the supported ecosystems. {% ifversion fpt or ghec %}For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."{% endif %}
-
-**Check**: Does the uncaught vulnerability apply to an unsupported ecosystem?
-
-## Does the dependency graph only find dependencies in manifests and lockfiles?
-
-The dependency graph includes information on dependencies that are explicitly declared in your environment. That is, dependencies that are specified in a manifest or a lockfile. The dependency graph generally also includes transitive dependencies, even when they aren't specified in a lockfile, by looking at the dependencies of the dependencies in a manifest file.
-
-{% data variables.product.prodname_dependabot_alerts %} advise you about dependencies you should update, including transitive dependencies, where the version can be determined from a manifest or a lockfile. {% ifversion fpt or ghec or ghes > 3.2 %}{% data variables.product.prodname_dependabot_security_updates %} only suggest a change where {% data variables.product.prodname_dependabot %} can directly "fix" the dependency, that is, when these are:
-* Direct dependencies explicitly declared in a manifest or lockfile
-* Transitive dependencies declared in a lockfile{% endif %}
-
-The dependency graph doesn't include "loose" dependencies. "Loose" dependencies are individual files that are copied from another source and checked into the repository directly or within an archive (such as a ZIP or JAR file), rather than being referenced by in a package manager’s manifest or lockfile. 
-
-**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile?
-
-## Does the dependency graph detect dependencies specified using variables?
-
-The dependency graph analyzes manifests as they’re pushed to {% data variables.product.prodname_dotcom %}. The dependency graph doesn't, therefore, have access to the build environment of the project, so it can't resolve variables used within manifests. If you use variables within a manifest to specify the name, or more commonly the version of a dependency, then that dependency will not be included in the dependency graph.
-
-**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version?
-
-## Are there limits which affect the dependency graph data?
-
-Yes, the dependency graph has two categories of limits:
-
-1. **Processing limits**
-
-    These affect the dependency graph displayed within {% data variables.product.prodname_dotcom %} and also prevent {% data variables.product.prodname_dependabot_alerts %} being created.
-
-    Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}.
-
-    By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}. 
-
-2. **Visualization limits**
-
-    These affect what's displayed in the dependency graph within {% data variables.product.prodname_dotcom %}. However, they don't affect the {% data variables.product.prodname_dependabot_alerts %} that are created.
-
-    The Dependencies view of the dependency graph for a repository only displays 100 manifests. Typically this is adequate as it is significantly higher than the processing limit described above. In situations where the processing limit is over 100, {% data variables.product.prodname_dependabot_alerts %} are still created for any manifests that are not shown within {% data variables.product.prodname_dotcom %}.
-
-**Check**: Is the missing dependency in a manifest file that's over 0.5 MB, or in a repository with a large number of manifests?
-
-## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years?
-
-The {% data variables.product.prodname_advisory_database %} was launched in November 2019, and initially back-filled to include vulnerability information for the supported ecosystems, starting from 2017. When adding CVEs to the database, we prioritize curating newer CVEs, and CVEs affecting newer versions of software.
-
-Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. 
-
-**Check**: Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database?
-
-## Why does {% data variables.product.prodname_advisory_database %} use a subset of published vulnerability data?
-
-Some third-party tools use uncurated CVE data that isn't checked or filtered by a human. This means that CVEs with tagging or severity errors, or other quality issues, will cause more frequent, more noisy, and less useful alerts.
-
-Since {% data variables.product.prodname_dependabot %} uses curated data in the {% data variables.product.prodname_advisory_database %}, the volume of alerts may be lower, but the alerts you do receive will be accurate and relevant.
-
-{% ifversion fpt or ghec %}
-## Does each dependency vulnerability generate a separate alert?
-
-When a dependency has multiple vulnerabilities, an alert is generated for each vulnerability at the level of advisory plus manifest.
-
-![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing two alerts from the same package with different manifests.](/assets/images/help/repository/dependabot-alerts-view.png)
-
-Legacy {% data variables.product.prodname_dependabot_alerts %} were grouped into a single aggregated alert with all the vulnerabilities for the same dependency. If you navigate to a link to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to the {% data variables.product.prodname_dependabot_alerts %} tab filtered to display vulnerabilities for that dependent package and manifest.
-
-![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} tab showing the filtered alerts from navigating to a legacy {% data variables.product.prodname_dependabot %} alert.](/assets/images/help/repository/legacy-dependabot-alerts-view.png)
-
-The {% data variables.product.prodname_dependabot_alerts %} count in {% data variables.product.prodname_dotcom %} shows a total for the number of alerts, which is the number of vulnerabilities, not the number of dependencies.
-
-**Check**: If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts.
-{% endif %}
-
-## Further reading
-
-- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
-- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
-- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"{% ifversion fpt or ghec or ghes > 3.2 %}
-- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md b/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md
deleted file mode 100644
index ce51732a370f..000000000000
--- a/translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md
+++ /dev/null
@@ -1,119 +0,0 @@
----
-title: Viewing and updating vulnerable dependencies in your repository
-intro: 'If {% data variables.product.product_name %} discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.'
-redirect_from:
-  - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository
-  - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
-  - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository
-permissions: Repository administrators and organization owners can view and update dependencies.
-shortTitle: View vulnerable dependencies
-versions:
-  fpt: '*'
-  ghes: '*'
-  ghae: issue-4864
-  ghec: '*'
-type: how_to
-topics:
-  - Dependabot
-  - Security updates
-  - Alerts
-  - Dependencies
-  - Pull requests
-  - Repositories
----
-
-{% data reusables.dependabot.beta-security-and-version-updates %}
-{% data reusables.dependabot.enterprise-enable-dependabot %}
-
-Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %} filter alerts by package, ecosystem, or manifest. You can also{% endif %} sort the list of alerts, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
-
-{% ifversion fpt or ghec or ghes > 3.2 %}
-You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)."
-{% endif %}
-
-{% data reusables.repositories.dependency-review %}
-
-{% ifversion fpt or ghec or ghes > 3.2 %}
-## About updates for vulnerable dependencies in your repository
-
-{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that your codebase is using dependencies with known vulnerabilities. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.product_name %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability.
-
-{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}You can sort and filter {% data variables.product.prodname_dependabot_alerts %} with the dropdown menus in the {% data variables.product.prodname_dependabot_alerts %} tab or by typing filters as `key:value` pairs into the search bar. The available filters are repository (for example, `repo:my-repository`), package (for example, `package:django`), ecosystem (for example, `ecosystem:npm`), manifest (for example, `manifest:webwolf/pom.xml`), state (for example, `is:open`), and whether an advisory has a patch (for example, `has: patch`).
-
-Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot_alerts %} tab filtered for that package. {% endif %}
-{% endif %}
-
-## Viewing and updating vulnerable dependencies
-
-{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-{% data reusables.repositories.sidebar-dependabot-alerts %}
-1. Optionally, to filter alerts, select the **Repository**, **Package**, **Ecosystem**, or **Manifest** dropdown menu then click the filter that you would like to apply. You can also type filters into the search bar. For example, `ecosystem:npm` or `has:patch`. To sort alerts, select the **Sort** dropdown menu then click the option that you would like to sort by.
-  ![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab](/assets/images/help/graphs/dependabot-alerts-filters.png)
-1. Click the alert that you would like to view.
-  ![Alert selected in list of alerts](/assets/images/help/graphs/click-alert-in-alerts-list-ungrouped.png)
-1. Review the details of the vulnerability and, if available, the pull request containing the automated security update.
-1. Optionally, if there isn't already a {% data variables.product.prodname_dependabot_security_updates %} update for the alert, to create a pull request to resolve the vulnerability, click **Create {% data variables.product.prodname_dependabot %} security update**.
-  ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)
-1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request. Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
-1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" dropdown, and click a reason for dismissing the alert.{% if reopen-dependabot-alerts %} Unfixed dismissed alerts can be reopened later.{% endif %}
-   ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/help/repository/dependabot-alert-dismiss-drop-down-ungrouped.png)
-
-{% elsif ghes = 3.3 %}
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-{% data reusables.repositories.sidebar-dependabot-alerts %}
-1. Click the alert you'd like to view.
-  ![Alert selected in list of alerts](/assets/images/help/graphs/click-alert-in-alerts-list.png)
-1. Review the details of the vulnerability and, if available, the pull request containing the automated security update.
-1. Optionally, if there isn't already a {% data variables.product.prodname_dependabot_security_updates %} update for the alert, to create a pull request to resolve the vulnerability, click **Create {% data variables.product.prodname_dependabot %} security update**.
-  ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button.png)
-1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request. Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
-1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" drop-down, and click a reason for dismissing the alert.
-   ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/help/repository/dependabot-alert-dismiss-drop-down.png)
-
-{% elsif ghes = 3.1 or ghes = 3.2 or ghae-issue-4864 %}
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-{% data reusables.repositories.sidebar-dependabot-alerts %}
-1. Click the alert you'd like to view.
-  ![Alert selected in list of alerts](/assets/images/enterprise/graphs/click-alert-in-alerts-list.png)
-1. Review the details of the vulnerability and determine whether or not you need to update the dependency.
-1. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, select the **Dismiss** drop-down, and click a reason for dismissing the alert.
-   ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/enterprise/repository/dependabot-alert-dismiss-drop-down.png)
-
-{% else %}
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.accessing-repository-graphs %}
-{% data reusables.repositories.click-dependency-graph %}
-1. Click the version number of the vulnerable dependency to display detailed information.
-  ![Detailed information on the vulnerable dependency](/assets/images/enterprise/3.0/dependabot-alert-info.png)
-1. Review the details of the vulnerability and determine whether or not you need to update the dependency. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert.
-1. The banner at the top of the **Dependencies** tab is displayed until all the vulnerable dependencies are resolved or you dismiss it. Click **Dismiss** in the top right corner of the banner and select a reason for dismissing the alert.
-  ![Dismiss security banner](/assets/images/enterprise/3.0/dependabot-alert-dismiss.png)
-{% endif %}
-
-{% if reopen-dependabot-alerts %}
-
-## Viewing and updating closed alerts
-
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-security %}
-{% data reusables.repositories.sidebar-dependabot-alerts %}
-1. To just view closed alerts, click **Closed**.
-  ![Screenshot showing the "Closed" option](/assets/images/help/repository/dependabot-alerts-closed.png)
-1. Click the alert that you would like to view or update.
-  ![Screenshot showing a highlighted dependabot alert](/assets/images/help/repository/dependabot-alerts-select-closed-alert.png)
-2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**.
-  ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)
-
-{% endif %}
-
-## Further reading
-
-- "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %}
-- "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates)"{% endif %}
-- "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
-- "[Troubleshooting the detection of vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %}
-- "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
index a6b5986909dd..fdc3d5e35b20 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md
@@ -41,7 +41,7 @@ Sometimes you might just want to update the version of one dependency in a manif
 
 By checking the dependency reviews in a pull request, and changing any dependencies that are flagged as vulnerable, you can avoid vulnerabilities being added to your project. For more information about how dependency review works, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
 
-{% data variables.product.prodname_dependabot_alerts %} will find vulnerabilities that are already in your dependencies, but it's much better to avoid introducing potential problems than to fix problems at a later date. For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."
+{% data variables.product.prodname_dependabot_alerts %} will find vulnerabilities that are already in your dependencies, but it's much better to avoid introducing potential problems than to fix problems at a later date. For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."
 
 Dependency review supports the same languages and package management ecosystems as the dependency graph. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
 
@@ -49,4 +49,4 @@ Dependency review supports the same languages and package management ecosystems
 ## Enabling dependency review
 
 The dependency review feature becomes available when you enable the dependency graph. {% ifversion ghec %}For more information, see "[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph)."{% endif %}{% ifversion ghes or ghae %}For more information, see "[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."{% endif %}
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md
new file mode 100644
index 000000000000..a23eb06134ba
--- /dev/null
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md
@@ -0,0 +1,154 @@
+---
+title: About supply chain security
+intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and patching them{% endif %}.'
+miniTocMaxHeadingLevel: 3
+shortTitle: Seguridad de la cadena de suministro
+redirect_from:
+  - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+type: overview
+topics:
+  - Advanced Security
+  - Dependency review
+  - Dependency graph
+  - Vulnerabilities
+  - Dependencies
+  - Pull requests
+  - Repositories
+---
+
+## About supply chain security at GitHub
+
+With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerabilities.
+
+You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency.
+
+{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment{% ifversion ghes < 3.3 or ghae %} and know about vulnerabilities in those dependencies{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}, know about vulnerabilities in those dependencies, and patch them{% endif %}.
+
+The supply chain features on {% data variables.product.product_name %} are:
+- **Gráfica de dependencias**
+{% ifversion fpt or ghec or ghes > 3.1 or ghae %}- **Dependency review**{% endif %}
+- **{% data variables.product.prodname_dependabot_alerts %} **
+{% ifversion fpt or ghec or ghes > 3.2 %}- **{% data variables.product.prodname_dependabot_updates %}**
+  - **{% data variables.product.prodname_dependabot_security_updates %}**
+  - **{% data variables.product.prodname_dependabot_version_updates %}**{% endif %}
+
+The dependency graph is central to supply chain security. The dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package. You can see your repository’s dependencies and some of their properties, like vulnerability information, on the dependency graph for the repository.
+
+{% ifversion fpt or ghec or ghes > 3.1 or ghae %}
+Other supply chain features on {% data variables.product.prodname_dotcom %} rely on the information provided by the dependency graph.
+
+- Dependency review uses the dependency graph to identify dependency changes and help you understand the security impact of these changes when you review pull requests.
+- {% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependecies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected.
+{% ifversion fpt or ghec or ghes > 3.2 %}- {% data variables.product.prodname_dependabot_security_updates %} use the dependency graph and  {% data variables.product.prodname_dependabot_alerts %} to help you update dependencies with known vulnerabilities in your repository.
+
+{% data variables.product.prodname_dependabot_version_updates %} don't use the dependency graph and rely on the semantic versioning of dependencies instead. {% data variables.product.prodname_dependabot_version_updates %} help you keep your dependencies updated, even when they don’t have any vulnerabilities.
+{% endif %}
+{% endif %}
+
+{% ifversion ghes < 3.2 %}
+{% data variables.product.prodname_dependabot %} cross-references dependency data provided by the dependency graph with the list of known vulnerabilities published in the {% data variables.product.prodname_advisory_database %}, scans your dependencies and generates {% data variables.product.prodname_dependabot_alerts %} when a potential vulnerability is detected.
+ {% endif %}
+
+## Feature overview
+
+### What is the dependency graph
+
+To generate the dependency graph, {% data variables.product.company_short %} looks at a repository’s explicit dependencies declared in the manifest and lockfiles. When enabled, the dependency graph automatically parses all known package manifest files in the repository, and uses this to construct a graph with known dependency names and versions.
+
+- The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies.
+- The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies.
+- You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab.
+
+For more information about the dependency graph, see "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
+
+{% ifversion fpt or ghec or ghes > 3.1 or ghae %}
+### What is dependency review
+
+Dependency review helps reviewers and contributors understand dependency changes and their security impact in every pull request.
+
+- Dependency review tells you which dependencies were added, removed, or updated, in a pull request. You can use the release dates, popularity of dependencies, and vulnerability information to help you decide whether to accept the change.
+- You can see the dependency review for a pull request by showing the rich diff on the **Files Changed** tab.
+
+For more information about dependency review, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
+
+{% endif %}
+
+### What is Dependabot
+
+{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}.
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+The term "{% data variables.product.prodname_dependabot %}" encompasses the following features:
+- {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. La alerta incluye un enlace al archivo afectado en el proyecto e información acerca de la versión arreglada.
+- {% data variables.product.prodname_dependabot_updates %}:
+   - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered.
+   - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version.
+{% endif %}
+
+#### What are Dependabot alerts
+
+{% data variables.product.prodname_dependabot_alerts %} highlight repositories affected by a newly discovered vulnerability based on the dependency graph and the {% data variables.product.prodname_advisory_database %}, which contains the versions on known vulnerability lists.
+
+- El {% data variables.product.prodname_dependabot %} lleva a cabo un escaneo para detectar las dependencias vulnerables y envía {% data variables.product.prodname_dependabot_alerts %} cuando:
+{% ifversion fpt or ghec %}
+   - A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}.{% else %}
+   - Se sincronizan los datos de las asesorías nuevas en {% data variables.product.product_location %} cada hora desde {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
+   - The dependency graph for the repository changes.
+- {% data variables.product.prodname_dependabot_alerts %} are displayed {% ifversion fpt or ghec or ghes > 3.0 %} on the **Security** tab for the repository and{% endif %} in the repository's dependency graph. La alerta incluye {% ifversion fpt or ghec or ghes > 3.0 %}un enlace al archivo afectado en el proyecto e{% endif %}información sobre una versión corregida.
+
+For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies)."
+
+{% ifversion fpt or ghec or ghes > 3.2 %}
+#### What are Dependabot updates
+
+There are two types of {% data variables.product.prodname_dependabot_updates %}: {% data variables.product.prodname_dependabot %} _security_ updates and _version_ updates. {% data variables.product.prodname_dependabot %} generates automatic pull requests to update your dependencies in both cases, but there are several differences.
+
+{% data variables.product.prodname_dependabot_security_updates %}:
+ - Triggered by a {% data variables.product.prodname_dependabot %} alert
+ - Update dependencies to the minimum version that resolves a known vulnerability
+ - Supported for ecosystems the dependency graph supports
+
+{% data variables.product.prodname_dependabot_version_updates %}:
+ - Run on a schedule you configure
+ - Update dependencies to the latest version that matches the configuration
+ - Supported for a different group of ecosystems
+
+For more information about {% data variables.product.prodname_dependabot_updates %}, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)" and "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates)."
+{% endif %}
+
+## Feature availability
+
+{% ifversion fpt or ghec %}
+
+Public repositories:
+- **Dependency graph**—enabled by default and cannot be disabled.
+- **Dependency review**—enabled by default and cannot be disabled.
+- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects vulnerable dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+
+Private repositories:
+- **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. Para obtener más información, consulta la sección "[Explorar las dependencias de un repositorio](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)".
+{% ifversion fpt %}
+- **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. Para obtener más información, consulta la [documentación de {% data variables.product.prodname_ghe_cloud %}](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
+{% elsif ghec %}
+- **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[Exploring the dependencies of a repository](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
+{% endif %}
+- **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Los propietarios de los repositorios privados o las personas con acceso administrativo puede habilitar las {% data variables.product.prodname_dependabot_alerts %} si habilitan la gráfica de dependencias y las {% data variables.product.prodname_dependabot_alerts %} para sus repositorios. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+
+Any repository type:
+- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".
+- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)".
+{% endif %}
+
+{% ifversion ghes or ghae %}
+- **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. Para obtener más información, consulta la sección {% ifversion ghes %}"[Habilitar la gráfica de dependencias para tu empresa](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" y {% endif %}"[Habilitar el {% data variables.product.prodname_dependabot %} para tu empresa](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)".
+- **Dependency review**—available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
+{% endif %}
+{% ifversion ghes > 3.2 %}
+- **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. Puedes habilitar las {% data variables.product.prodname_dependabot_security_updates %} para cualquier repositorio que utilice {% data variables.product.prodname_dependabot_alerts %} y la gráfica de dependencias. Para obtener más información, consulta la sección "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)".
+- **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. Para obtener más información sobre habilitar las actualizaciones de seguridad, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)".
+{% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
index 53c972c93fa8..91b871b9efcf 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md
@@ -55,7 +55,7 @@ You can use the dependency graph to:
 
 - Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)." {% ifversion fpt or ghec %}
 - View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see "[Viewing insights for your organization](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)."{% endif %}
-- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %}
+- View and update vulnerable dependencies for your repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."{% ifversion fpt or ghes > 3.1 or ghec %}
 - See information about vulnerable dependencies in pull requests. For more information, see "[Reviewing dependency changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."{% endif %}
 
 ## Enabling the dependency graph
@@ -111,5 +111,5 @@ The recommended formats explicitly define which versions are used for all direct
 - "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia
 - "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% ifversion fpt or ghec %}
 - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"{% endif %}
-- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
 - "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)"
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
index a9acbfc377f1..8b1c81aaf8b0 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md
@@ -40,7 +40,7 @@ Enterprise owners can configure the dependency graph at an enterprise level. For
 ### Dependencies view
 
 {% ifversion fpt or ghec %}
-Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. For dependencies on public repositories hosted on {% data variables.product.product_name %}, you can also click a dependency to view the repository. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text.
+Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies.  Dependencies on private repositories, private packages, or unrecognized files are shown in plain text. If the package manager for the dependency is in a public repository, {% data variables.product.product_name %} will display a link to that repository.
 
 If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.
 
@@ -84,7 +84,10 @@ You can disable the dependency graph at any time by clicking **Disable** next to
 
 ## Changing the "Used by" package
 
-If the dependency graph is enabled, and your repository contains a package that's published on a supported package ecosystem, {% data variables.product.prodname_dotcom %} displays a "Used by" section in the sidebar of the **Code** tab of your repository. For more information about the supported package ecosystems, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
+You may notice some repositories have a "Used by" section in the sidebar of the **Code** tab. Your repository will have a "Used by" section if:
+  * The dependency graph is enabled for the repository (see the above section for more details).
+  * Your repository contains a package that is published on a [supported package ecosystem](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems).
+  * Within the ecosystem, your package has a link to a _public_ repository where the source is stored.
 
 The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects.
 
@@ -114,7 +117,7 @@ If a manifest or lock file is not processed, its dependencies are omitted from t
 ## Further reading
 
 - "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
-- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %}
+- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"{% ifversion fpt or ghec %}
 - "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"
 - "[Understanding how {% data variables.product.prodname_dotcom %} uses and protects your data](/get-started/privacy-on-github)"
 {% endif %}
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
index 0e1e4f1579d7..646c4e30f162 100644
--- a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md
@@ -9,10 +9,12 @@ topics:
   - Dependency graph
   - Dependencies
   - Repositories
+shortTitle: Understand your supply chain
 children:
+  - /about-supply-chain-security
   - /about-the-dependency-graph
-  - /exploring-the-dependencies-of-a-repository
   - /about-dependency-review
-shortTitle: Understand your supply chain
+  - /exploring-the-dependencies-of-a-repository
+  - /troubleshooting-the-dependency-graph
 ---
 
diff --git a/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
new file mode 100644
index 000000000000..f4e82037201a
--- /dev/null
+++ b/translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
@@ -0,0 +1,62 @@
+---
+title: Solución de problemas del gráfico de dependencias
+intro: 'If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.'
+shortTitle: Troubleshoot dependency graph
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: issue-4864
+  ghec: '*'
+type: how_to
+topics:
+  - Troubleshooting
+  - Errors
+  - Dependencies
+  - Vulnerabilities
+  - Dependency graph
+  - CVEs
+  - Repositories
+---
+
+{% data reusables.dependabot.result-discrepancy %}
+
+## ¿Acaso la gráfica de dependencias solo encuentra depedencias en los manifiestos y lockfiles?
+
+La gráfica de dependencias incluye información sobre las dependencias, la cual se declara explícitamente en tu ambiente. Esto es, dependencias que se especifican en un manifiesto o en un lockfile. La gráfica de dependencias también incluye dependencias transitivas generalmente, aún cuando no se especifican en un lockfile, mediante la revisión de las dependencias de las dependencias en un archivo de manifiesto.
+
+La gráfica de dependencias no incluye dependencias "sueltas". Las dependencias "sueltas" son archivos individuales que se copian de otra fuernte y se revisan directamente en el repositorio o dentro de un archivo (tal como un archivo ZIP o JAR) en ves de que se referencien en un manifiesto de paquete de administrador o en un lockfile.
+
+**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile?
+
+## ¿Acaso la gráfica de dependencias detecta dependencias que se especifican utilizando variables?
+
+La gráfica de dependencias analiza los manifiestos mientras se suben a {% data variables.product.prodname_dotcom %}. Por lo tanto, la gráfica de dependencias no tiene acceso al ambiente de compilación del proyecto, así que no puede resolver variables que se utilizan dentro de los manifiestos. Si utilizas variables dentro de un manifiesto para especificar el nombre, o más comunmente la versión de una dependencia, entonces dicha dependencia no se incluirá en la gráfica de dependencias.
+
+**Verifica**: ¿Acaso la dependencia faltante se declara en el manifiesto utilizando una variable para su nombre o versión?
+
+## ¿Existen límites que afecten los datos de la gráfica de dependencias?
+
+Sí, la gráfica de dependencias tiene dos categorías de límites:
+
+1. **Límites de procesamiento**
+
+    Estos afectan la gráfica de dependencias que se muestra dentro de {% data variables.product.prodname_dotcom %} y también previenen la creación de {% data variables.product.prodname_dependabot_alerts %}.
+
+    Los manifiestos mayores a 0.5 MB solo se procesan para las cuentas empresariales. En el caso de otras cuentas, los manifiestos mayores a 0.5 MB se ingoran y no crearán {% data variables.product.prodname_dependabot_alerts %}.
+
+    Predeterminadamente, {% data variables.product.prodname_dotcom %} no procesará más de 20 manifiestos por repositorio. Las {% data variables.product.prodname_dependabot_alerts %} no se crean para los manifiestos más allá de este límite. Si necesitas incrementar el límite, contacta a {% data variables.contact.contact_support %}.
+
+2. **Límites de visualización**
+
+    Estos afectan a lo que se muestra en la gráfica de dependencias dentro de {% data variables.product.prodname_dotcom %}. Sin embargo, estos no afectan las {% data variables.product.prodname_dependabot_alerts %} que se crean.
+
+    La vista de dependencias de la gráfica de dependencias para un repositorio solo muestra 1000 manifiestos. Habitualmente, esto es tan adecuado como es significativamente más alto que el límite de procesamiento descrito anteriormente. En situaciones en donde le límite de procesamiento es mayor a 100, las {% data variables.product.prodname_dependabot_alerts %} se crearán aún para cualquier manifiesto que no se muestre dentro de {% data variables.product.prodname_dotcom %}.
+
+**Verifica**: ¿La dependencia faltante está en un archivo de manifiesto que tiene más de 0.5 MB, o en un repositorio con una gran cantidad de manifiesto?
+
+## Leer más
+
+- "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)"
+- "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
+- "[Solucionar problemas en la detección de dependencias vulnerables](/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies)"{% ifversion fpt or ghec or ghes > 3.2 %}
+- "[Solucionar problemas de los errores del {% data variables.product.prodname_dependabot %}](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)"{% endif %}
diff --git a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md
index f0a7fb41f4de..d2d0c30d068b 100644
--- a/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md
+++ b/translations/es-ES/content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md
@@ -59,39 +59,39 @@ La lista completa de parámetros de consulta, permisos y eventos disponibles se
 
 Puedes seleccionar los permisos en una secuencia de consulta utilizando los nombres de permiso conforme en la siguiente tabla a manera de nombres de parámetro de consulta y usando el tipo de permiso como el valor de la consulta. Por ejemplo, para seleccionar los permisos de `Read & write` en la interface de usuario para `contents`, tu secuencia de consulta incluiría `&contents=write`. Para seleccionar los permisos de `Read-only` en la interface de usuario para `blocking`, tu secuencia de consulta incluiría `&blocking=read`. Para seleccionar `no-access` en la interface de usuario para las `checks`, tu secuencia de consulta no incluiría el permiso `checks`.
 
-| Permiso                                                                                                                          | Descripción                                                                                                                                                                                                                                                                                                                                      |
-| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Permiso                                                                                                                          | Descripción                                                                                                                                                                                                                                                                                                                                                     |
+| -------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [`administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-administration)                           | Otorga acceso a diversas terminales para la administración de organizaciones y repositorios. Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghec %}
 | [`blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-blocking)                                       | Otorga acceso a la [API de Bloqueo de Usuarios](/rest/reference/users#blocking). Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
 | [`verificaciones`](/rest/reference/permissions-required-for-github-apps/#permission-on-checks)                                   | Otorga acceso a la [API de verificaciones](/rest/reference/checks). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion ghes < 3.4 %}
 | `content_references`                                                                                                             | Otorga acceso a la terminal "[Crear un adjunto de contenido](/rest/reference/apps#create-a-content-attachment)". Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
-| [`contenidos`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents)                                     | Otorga acceso a diversas terminales que te permiten modificar el contenido de los repositorios. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                |
+| [`contenidos`](/rest/reference/permissions-required-for-github-apps/#permission-on-contents)                                     | Otorga acceso a diversas terminales que te permiten modificar el contenido de los repositorios. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                               |
 | [`implementaciones`](/rest/reference/permissions-required-for-github-apps/#permission-on-deployments)                            | Otorga acceso a la [API de despliegues](/rest/reference/repos#deployments). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghes or ghec %}
 | [`emails`](/rest/reference/permissions-required-for-github-apps/#permission-on-emails)                                           | Otorga acceso a la [API de Correos electrónicos](/rest/reference/users#emails). Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
-| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers)                                     | Otorga acceso a la [API de Seguidores](/rest/reference/users#followers). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                       |
-| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys)                                       | Otorga acceso a la [API de Llaves GPG](/rest/reference/users#gpg-keys). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                        |
-| [`propuestas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues)                                       | Otorga acceso a la [API de Informe de problemas](/rest/reference/issues). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                      |
-| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys)                                               | Otorga acceso a la [API de Llaves Públicas](/rest/reference/users#keys). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                       |
+| [`followers`](/rest/reference/permissions-required-for-github-apps/#permission-on-followers)                                     | Otorga acceso a la [API de Seguidores](/rest/reference/users#followers). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                      |
+| [`gpg_keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-gpg-keys)                                       | Otorga acceso a la [API de Llaves GPG](/rest/reference/users#gpg-keys). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                       |
+| [`propuestas`](/rest/reference/permissions-required-for-github-apps/#permission-on-issues)                                       | Otorga acceso a la [API de Informe de problemas](/rest/reference/issues). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                     |
+| [`keys`](/rest/reference/permissions-required-for-github-apps/#permission-on-keys)                                               | Otorga acceso a la [API de Llaves Públicas](/rest/reference/users#keys). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                      |
 | [`members`](/rest/reference/permissions-required-for-github-apps/#permission-on-members)                                         | Otorga acceso para administrar los miembros de una organización. Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghec %}
-| [`metadatos`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions)                                        | Otorga acceso a las terminales de solo lectura que no filtran datos sensibles. Puede ser `read` o `none`. Su valor predeterminado es `read` cuando configuras cualquier permiso, o bien, `none` cuando no especificas ningún permiso para la {% data variables.product.prodname_github_app %}.                                                 |
+| [`metadatos`](/rest/reference/permissions-required-for-github-apps/#metadata-permissions)                                        | Otorga acceso a las terminales de solo lectura que no filtran datos sensibles. Puede ser `read` o `none`. Su valor predeterminado es `read` cuando configuras cualquier permiso, o bien, `none` cuando no especificas ningún permiso para la {% data variables.product.prodname_github_app %}.                                                                |
 | [`organization_administration`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-administration) | Otorga acceso a la terminal "[Actualizar una organización](/rest/reference/orgs#update-an-organization)" y a la [API de Restricciones de Interacción en la Organización](/rest/reference/interactions#set-interaction-restrictions-for-an-organization). Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
-| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks)                   | Otorga acceso a la [API de Webhooks de la Organización](/rest/reference/orgs#webhooks/). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                       |
-| `organization_plan`                                                                                                              | Otorga acceso para obtener información acerca del plan de una organización que utilice la terminal "[Obtener una organización](/rest/reference/orgs#get-an-organization)". Puede ser uno de entre `none` o `read`.                                                                                                                               |
+| [`organization_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-hooks)                   | Otorga acceso a la [API de Webhooks de la Organización](/rest/reference/orgs#webhooks/). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                      |
+| `organization_plan`                                                                                                              | Otorga acceso para obtener información acerca del plan de una organización que utilice la terminal "[Obtener una organización](/rest/reference/orgs#get-an-organization)". Puede ser uno de entre `none` o `read`.                                                                                                                                              |
 | [`organization_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects)             | Otorga acceso a la [API de Proyectos](/rest/reference/projects). Puede ser uno de entre: `none`, `read`, `write`, o `admin`.{% ifversion fpt or ghec %}
 | [`organization_user_blocking`](/rest/reference/permissions-required-for-github-apps/#permission-on-organization-projects)        | Otorga acceso a la [API de Bloqueo de Usuarios de la Organización](/rest/reference/orgs#blocking). Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
-| [`páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages)                                           | Otorga acceso a la [API de páginas](/rest/reference/repos#pages). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                              |
-| `plan`                                                                                                                           | Otorga acceso para obtener información acerca del plan de GitHub de un usuario que utilice la terminal "[Obtener un usuario](/rest/reference/users#get-a-user)". Puede ser uno de entre `none` o `read`.                                                                                                                                         |
-| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests)                             | Otorga acceso a varias terminales de solicitud de extracción. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                  |
-| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks)                       | Otorga acceso a la [API de Webhooks del Repositorio](/rest/reference/repos#hooks). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                             |
+| [`páginas`](/rest/reference/permissions-required-for-github-apps/#permission-on-pages)                                           | Otorga acceso a la [API de páginas](/rest/reference/repos#pages). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                             |
+| `plan`                                                                                                                           | Otorga acceso para obtener información acerca del plan de GitHub de un usuario que utilice la terminal "[Obtener un usuario](/rest/reference/users#get-a-user)". Puede ser uno de entre `none` o `read`.                                                                                                                                                        |
+| [`pull_requests`](/rest/reference/permissions-required-for-github-apps/#permission-on-pull-requests)                             | Otorga acceso a varias terminales de solicitud de extracción. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                                 |
+| [`repository_hooks`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-hooks)                       | Otorga acceso a la [API de Webhooks del Repositorio](/rest/reference/repos#hooks). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                            |
 | [`repository_projects`](/rest/reference/permissions-required-for-github-apps/#permission-on-repository-projects)                 | Otorga acceso a la [API de Proyectos](/rest/reference/projects). Puede ser uno de entre: `none`, `read`, `write`, o `admin`.{% ifversion fpt or ghes or ghec %}
 | [`secret_scanning_alerts`](/rest/reference/permissions-required-for-github-apps/#permission-on-secret-scanning-alerts)           | Otorga acceso a la [API de escaneo de secretos](/rest/reference/secret-scanning). Puede ser uno de entre: `none`, `read`, o `write`.{% endif %}{% ifversion fpt or ghes or ghec %}
 | [`security_events`](/rest/reference/permissions-required-for-github-apps/#permission-on-security-events)                         | Otorga acceso a la [API de escaneo de código](/rest/reference/code-scanning/). Puede ser uno de entre `none`, `read`, o `write`.{% endif %}
-| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file)                                 | Otorga acceso a la [API de Contenidos](/rest/reference/repos#contents). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                        |
-| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring)                                       | Otorga acceso a la [API de marcar con estrella](/rest/reference/activity#starring). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                            |
-| [`estados`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses)                                        | Otorga acceso a la [API de Estados](/rest/reference/commits#commit-statuses). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                  |
+| [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file)                                 | Otorga acceso a la [API de Contenidos](/rest/reference/repos#contents). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                       |
+| [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring)                                       | Otorga acceso a la [API de marcar con estrella](/rest/reference/activity#starring). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                           |
+| [`estados`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses)                                        | Otorga acceso a la [API de Estados](/rest/reference/commits#commit-statuses). Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                                 |
 | [`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions)                       | Otorga acceso a la [API de debates de equipo](/rest/reference/teams#discussions) y a la [API de comentarios en debates de equipo](/rest/reference/teams#discussion-comments). Puede ser uno de entre `none`, `read`, o `write`.{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
-| `vulnerability_alerts`                                                                                                           | Otorga acceso para recibir alertas de seguridad para las dependencias vulnerables en un repositorio. Consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" para aprender más. Puede ser uno de entre: `none` o `read`.{% endif %}
-| `observando`                                                                                                                     | Otorga acceso a la lista y cambia los repositorios a los que un usuario está suscrito. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                         |
+| `vulnerability_alerts`                                                                                                           | Grants access to receive {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies in a repository. See "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. Puede ser uno de entre: `none` o `read`.{% endif %}
+| `observando`                                                                                                                     | Otorga acceso a la lista y cambia los repositorios a los que un usuario está suscrito. Puede ser uno de entre `none`, `read`, o `write`.                                                                                                                                                                                                                        |
 
 ## Eventos de webhook de {% data variables.product.prodname_github_app %}
 
diff --git a/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md b/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md
index a9784b5ada67..f7674ed0dbdd 100644
--- a/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md
+++ b/translations/es-ES/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md
@@ -1246,7 +1246,7 @@ Este evento ocurre cuando una {% data variables.product.prodname_github_app %} e
 
 La actividad relacionada con una asesoría de seguridad que revisó {% data variables.product.company_short %}. Una asesoría de seguridad que haya revisado {% data variables.product.company_short %} proporciona información sobre las vulnerabilidades relacionadas con la seguridad en el software de {% data variables.product.prodname_dotcom %}.
 
-El conjunto de datos de asesoría de seguridad también impulsa las {% data variables.product.prodname_dependabot_alerts %} de GitHub. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)".
+El conjunto de datos de asesoría de seguridad también impulsa las {% data variables.product.prodname_dependabot_alerts %} de GitHub. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)".
 
 ### Disponibilidad
 
diff --git a/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md b/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md
index a43d48e1c9b8..4d7dd3edd062 100644
--- a/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md
+++ b/translations/es-ES/content/get-started/privacy-on-github/about-githubs-use-of-your-data.md
@@ -20,7 +20,7 @@ shortTitle: Cómo utiliza tus datos GitHub
 
 {% data reusables.repositories.about-github-archive-program %} Para obtener más información, consulta la sección "[Acerca de archivar contenido y datos en {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)".
 
-{% data reusables.user-settings.export-data %} For more information, see "[Requesting an archive of your personal account's data](/articles/requesting-an-archive-of-your-personal-account-s-data)."
+{% data reusables.user-settings.export-data %} Para obtener más información, consulta "[Solicitar un archivo de los datos de tu cuenta personal](/articles/requesting-an-archive-of-your-personal-account-s-data)".
 
 Si decides utilizar datos para un repositorio privado, seguiremos tratando tus datos privados, código abierto, o secretos comerciales como confidenciales y privados de acuerdo con nuestras [Condiciones de Servicio](/free-pro-team@latest/github/site-policy/github-terms-of-service). La información que obtenemos viene solo de los datos agregados. Para obtener más información, consulta la sección "[Administrar la configuración de uso de datos para tu repositorio privado](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)".
 
@@ -28,7 +28,7 @@ Anunciaremos nuevas funciones sustanciales que usen metadatos o datos agregados
 
 ## Cómo mejoran los datos las recomendaciones de seguridad
 
-Como ejemplo de cómo deberían usarse tus datos, podemos detectar y alertarte sobre una vulnerabilidad de seguridad en las dependencias de tu repositorio público. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
+Como ejemplo de cómo deberían usarse tus datos, podemos detectar y alertarte sobre una vulnerabilidad de seguridad en las dependencias de tu repositorio público. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
 
 Para detectar posibles vulnerabilidades de seguridad {% data variables.product.product_name %} escanea los contenidos del archivo de manifiesto de dependencias para hacer una lista de las dependencias de tu proyecto.
 
diff --git a/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md b/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md
index 3931df21cb3d..8225f205122c 100644
--- a/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md
+++ b/translations/es-ES/content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md
@@ -16,7 +16,7 @@ shortTitle: Administrar el uso de datos para un repositorio privado
 
 ## Acerca del uso de datos para tu repositorio privado
 
-Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a la gráfica de dependencias, en donde puedes rastrear las dependencias de tus repositorios y recibir las {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte las dependencias vulnerables. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)".
+Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a la gráfica de dependencias, en donde puedes rastrear las dependencias de tus repositorios y recibir las {% data variables.product.prodname_dependabot_alerts %} cuando {% data variables.product.product_name %} detecte las dependencias vulnerables. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)."
 
 ## Habilitar o inhabilitar las características para el uso de datos
 
@@ -31,5 +31,5 @@ Cuando habilitas el uso de datos para tu repositorio privado, podrás acceder a
 ## Leer más
 
 - "[Acerca del uso de tus datos de {% data variables.product.prodname_dotcom %}](/articles/about-github-s-use-of-your-data)"
-- "[Ver y actualizar las dependencias vulnerables en tu repositorio](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
+- "[Viewing {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
 - "[Administrar la configuración de seguridad y de análisis para tu organización](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)"
diff --git a/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md b/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md
index 1328f5458054..7e14e81eae3e 100644
--- a/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md
+++ b/translations/es-ES/content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server.md
@@ -18,7 +18,7 @@ shortTitle: Enterprise Server trial
 
 You can request a 45-day trial to evaluate {% data variables.product.prodname_ghe_server %}. Your trial will be installed as a virtual appliance, with options for on-premises or cloud deployment. For a list of supported visualization platforms, see "[Setting up a GitHub Enterprise Server instance](/enterprise-server@latest/admin/installation/setting-up-a-github-enterprise-server-instance)."
 
-{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Security{% endif %} alerts and {% data variables.product.prodname_github_connect %} are not currently available in trials of {% data variables.product.prodname_ghe_server %}. For a demonstration of these features, contact {% data variables.contact.contact_enterprise_sales %}. For more information about these features, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)."
+{% ifversion ghes %}{% data variables.product.prodname_dependabot %}{% else %}Security{% endif %} alerts and {% data variables.product.prodname_github_connect %} are not currently available in trials of {% data variables.product.prodname_ghe_server %}. For a demonstration of these features, contact {% data variables.contact.contact_enterprise_sales %}. For more information about these features, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)" and "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/enterprise-server@latest/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)."
 
 Trials are also available for {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Setting up a trial of {% data variables.product.prodname_ghe_cloud %}](/articles/setting-up-a-trial-of-github-enterprise-cloud)."
 
diff --git a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md
index 70a8e8798834..86c868920b0a 100644
--- a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md
+++ b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks.md
@@ -70,10 +70,9 @@ Usamos [Lingüista](https://github.com/github/linguist) para realizar la detecci
 {% if mermaid %}
 ## Crear diagramas
 
-You can use Mermaid syntax to add diagrams. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
+You can also use code blocks to create diagrams in Markdown. GitHub supports Mermaid, geoJSON, topoJSON, and ASCII STL syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
 
 {% endif %}
-
 ## Leer más
 
 - [{% data variables.product.prodname_dotcom %} Especificaciones del formato Markdown](https://github.github.com/gfm/)
diff --git a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md
index 4f4f1a2e267c..15392c84d0ec 100644
--- a/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md
+++ b/translations/es-ES/content/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams.md
@@ -1,12 +1,18 @@
 ---
-title: Creating diagrams
+title: Crear diagramas
 intro: Create diagrams to convey information through charts and graphs
 versions:
   feature: mermaid
 shortTitle: Create diagrams
 ---
 
-You can use Mermaid syntax to create diagrams. Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/).
+## About creating diagrams
+
+You can create diagrams in Markdown using three different syntaxes: mermaid, geoJSON and topoJSON, and ASCII STL.
+
+## Creating Mermaid diagrams
+
+Mermaid is a Markdown-inspired tool that renders text into diagrams. For example, Mermaid can render flow charts, sequence diagrams, pie charts and more. For more information, see the [Mermaid documentation](https://mermaid-js.github.io/mermaid/#/).
 
 To create a Mermaid diagram, add Mermaid syntax inside a fenced code block with the `mermaid` language identifier. For more information about creating code blocks, see "[Creating and highlighting code blocks](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)."
 
@@ -31,3 +37,122 @@ graph TD;
 **Note:** You may observe errors if you run a third-party Mermaid plugin when using Mermaid syntax on {% data variables.product.company_short %}.
 
 {% endnote %}
+
+## Creating geoJSON and topoJSON maps
+
+You can use geo/topoJSON syntax to create interactive maps. To create a map, add geoJSON or topoJSON inside a fenced code block with the `geojson` or `topojson` syntax identifier. Para obtener más información, consulta "[Crear y resaltar bloques de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)".
+
+### Using geoJSON
+
+For example, you can create a simple map:
+
+<pre>
+```geojson
+{
+  "type": "Polygon",
+  "coordinates": [
+      [
+          [-90,30],
+          [-90,35],
+          [-90,35],
+          [-85,35],
+          [-85,30]
+      ]
+  ]
+}
+```
+</pre>
+
+![Rendered map](/assets/images/help/writing/fenced-geojson-rendered-map.png)
+
+### Using topoJSON
+
+For example, you can create a simple topoJSON map:
+
+<pre>
+```topojson
+{
+  "type": "Topology",
+  "transform": {
+    "scale": [0.0005000500050005, 0.00010001000100010001],
+    "translate": [100, 0]
+  },
+  "objects": {
+    "example": {
+      "type": "GeometryCollection",
+      "geometries": [
+        {
+          "type": "Point",
+          "properties": {"prop0": "value0"},
+          "coordinates": [4000, 5000]
+        },
+        {
+          "type": "LineString",
+          "properties": {"prop0": "value0", "prop1": 0},
+          "arcs": [0]
+        },
+        {
+          "type": "Polygon",
+          "properties": {"prop0": "value0",
+            "prop1": {"this": "that"}
+          },
+          "arcs": [[1]]
+        }
+      ]
+    }
+  },
+  "arcs": [[[4000, 0], [1999, 9999], [2000, -9999], [2000, 9999]],[[0, 0], [0, 9999], [2000, 0], [0, -9999], [-2000, 0]]]
+}
+```
+</pre>
+
+![Rendered topojson map](/assets/images/help/writing/fenced-topojson-rendered-map.png)
+
+For more information on working with `.geojson` and `.topojson` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#mapping-geojson-files-on-github)."
+
+
+## Creating STL 3D models
+
+You can use ASCII STL syntax directly in markdown to create interactive 3D models. To display a model, add ASCII STL syntax inside a fenced code block with the `stl` syntax identifier. Para obtener más información, consulta "[Crear y resaltar bloques de código](/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks)".
+
+For example, you can create a simple 3D model:
+
+<pre>
+```stl
+solid cube_corner
+  facet normal 0.0 -1.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 1.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+  facet normal 0.0 0.0 -1.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 1.0 0.0 0.0
+    endloop
+  endfacet
+  facet normal -1.0 0.0 0.0
+    outer loop
+      vertex 0.0 0.0 0.0
+      vertex 0.0 0.0 1.0
+      vertex 0.0 1.0 0.0
+    endloop
+  endfacet
+  facet normal 0.577 0.577 0.577
+    outer loop
+      vertex 1.0 0.0 0.0
+      vertex 0.0 1.0 0.0
+      vertex 0.0 0.0 1.0
+    endloop
+  endfacet
+endsolid
+```
+</pre>
+
+![Rendered 3D model](/assets/images/help/writing/fenced-stl-rendered-object.png)
+
+For more information on working with `.stl` files, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files#3d-file-viewer)."
+
diff --git a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
index a51f09e2eb51..8627e20aec36 100644
--- a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
+++ b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md
@@ -122,7 +122,7 @@ El {% data variables.product.prodname_dependabot %} puede verificar si hay refer
 
 Predeterminadamente, el {% data variables.product.prodname_dependabot %} no puede actualizar las dependencias que se ubican en los repositorios o en los registros de paquetes privados. Sin embargo, si una dependencia se encuentra en un repositorio privado de {% data variables.product.prodname_dotcom %} dentro de la misma organización que el proyecto que la utiliza, puedes permitir al {% data variables.product.prodname_dependabot %} actualizar la versión exitosamente si le otorgas acceso al repositorio en el que se hospeda.
 
-Si tu código depende de paquetes en un registro privado, puedes permitir que el {% data variables.product.prodname_dependabot %} actualice las versiones de estas dependencias si configuras esto a nivel del repositorio. Puedes hacer esto si agregas los detalles de autenticación al archivo _dependabot.yml_ para el repositorio. Para obtener más información, consulta la sección "[Opciones de configuración para las actualizaciones de dependencias](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)".
+Si tu código depende de paquetes en un registro privado, puedes permitir que el {% data variables.product.prodname_dependabot %} actualice las versiones de estas dependencias si configuras esto a nivel del repositorio. Puedes hacer esto si agregas los detalles de autenticación al archivo _dependabot.yml_ para el repositorio. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)."
 
 Para permitir que el {% data variables.product.prodname_dependabot %} acceda a un repositorio privado de {% data variables.product.prodname_dotcom %}:
 
@@ -157,6 +157,5 @@ Puedes administrar el acceso a las características de la {% data variables.prod
 
 - "[Asegurar tu repositorio](/code-security/getting-started/securing-your-repository)"{% ifversion not fpt %}
 - "[Acerca del escaneo de secretos](/github/administering-a-repository/about-secret-scanning)"{% endif %}{% ifversion not ghae %}
-- "[Acerca de la gráfica de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
-- "[Administrar las vulnerabilidades en las dependencias de tus proyectos](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}
-- "[Mantener tus dependencias actualizacas automáticamente](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %}
+- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% endif %}{% ifversion fpt or ghec or ghes or ghae-issue-4864 %}
+- "[About supply chain security](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)"{% endif %}
diff --git a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
index 394db84028a4..f2d6133d980d 100644
--- a/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
+++ b/translations/es-ES/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
@@ -42,7 +42,7 @@ Para buscar eventos específicos, utiliza el calificador `action` en tu consulta
 | [`facturación`](#billing-category-actions)                                                                                                                                                                                                                                        | Contiene todas las actividades relacionadas con la facturación de tu organización.                                                                                                                                                                                                                                                                                                                                                                                |
 | [`business`](#business-category-actions)                                                                                                                                                                                                                                          | Contiene actividades relacionadas con los ajustes de negocios para una empresa.                                                                                                                                                                                                                                                                                                                                                                                   |
 | [`codespaces`](#codespaces-category-actions)                                                                                                                                                                                                                                      | Contiene todas las actividades relacionadas con los codespaces de tu organización. |{% endif %}{% ifversion fpt or ghec or ghes > 3.2 %}
-| [`dependabot_alerts`](#dependabot_alerts-category-actions)                                                                                                                                                                                                                        | Contiene actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios existentes. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".                                                                                                |
+| [`dependabot_alerts`](#dependabot_alerts-category-actions)                                                                                                                                                                                                                        | Contiene actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios existentes. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".                                                                                     |
 | [`dependabot_alerts_new_repos`](#dependabot_alerts_new_repos-category-actions)                                                                                                                                                                                                    | Contiene las actividades de configuración a nivel de organización para las {% data variables.product.prodname_dependabot_alerts %} en los repositorios nuevos que se crearon en la organización.                                                                                                                                                                                                                                                                |
 | [`dependabot_security_updates`](#dependabot_security_updates-category-actions)                                                                                                                                                                                                    | Contiene las actividades de configuración a nivel organizacional para las {% data variables.product.prodname_dependabot_security_updates %} en los repositorios existentes. Para obtener más información, consulta la sección "[Configurar las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/configuring-dependabot-security-updates)".                                                        |
 | [`dependabot_security_updates_new_repos`](#dependabot_security_updates_new_repos-category-actions)                                                                                                                                                                                | Contiene las actividades de configuración a nivel de organización para las {% data variables.product.prodname_dependabot_security_updates %} para los repositorios nuevos que se crean en ella.{% endif %}{% ifversion fpt or ghec %}
@@ -680,11 +680,11 @@ Para obtener más información, consulta la sección "[Administrar la publicaci
 {% endif %}{% ifversion fpt or ghes or ghae-issue-4864 or ghec %}
 ### acciones de la categoría `repository_vulnerability_alert`
 
-| Acción           | Descripción                                                                                                                                                                                                                                                                                                                                                                                      |
-| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `create (crear)` | Se activa cuando {% data variables.product.product_name %} crea una alerta del {% data variables.product.prodname_dependabot %} para un repositorio que utiliza una dependencia vulnerable. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". |
-| `descartar`      | Se activa cuando un propietario de organización o persona con acceso administrativo al repositorio descarta una alerta del {% data variables.product.prodname_dependabot %} sobre una dependencia vulnerable.                                                                                                                                                                                    |
-| `resolver`       | Se activa cuando alguien con acceso de escritura en un repositorio sube cambios para actualizar y resolver una vulnerabilidad en una dependencia de proyecto.                                                                                                                                                                                                                                    |
+| Acción           | Descripción                                                                                                                                                                                                                                                                                                                                                                                                 |
+| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `create (crear)` | Se activa cuando {% data variables.product.product_name %} crea una alerta del {% data variables.product.prodname_dependabot %} para un repositorio que utiliza una dependencia vulnerable. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)". |
+| `descartar`      | Se activa cuando un propietario de organización o persona con acceso administrativo al repositorio descarta una alerta del {% data variables.product.prodname_dependabot %} sobre una dependencia vulnerable.                                                                                                                                                                                               |
+| `resolver`       | Se activa cuando alguien con acceso de escritura en un repositorio sube cambios para actualizar y resolver una vulnerabilidad en una dependencia de proyecto.                                                                                                                                                                                                                                               |
 
 {% endif %}{% ifversion fpt or ghec %}
 ### acciones de la categoría `repository_vulnerability_alerts`
diff --git a/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md b/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md
index b3a5b600b912..01a56b4478d1 100644
--- a/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md
+++ b/translations/es-ES/content/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry.md
@@ -136,7 +136,7 @@ You can use gems from {% data variables.product.prodname_registry %} much like y
   end
   ```
 
-3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](http://bundler.io/v1.5/gemfile.html).
+3. For Bundler versions earlier than 1.7.0, you need to add a new global `source`. For more information on using Bundler, see the [bundler.io documentation](https://bundler.io/gemfile.html).
 
   ```ruby
   source "https://{% ifversion fpt or ghec %}rubygems.pkg.github.com{% else %}REGISTRY-URL{% endif %}/OWNER"
diff --git a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
index 3a41bb01bb2a..6c4bb22f8410 100644
--- a/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
+++ b/translations/es-ES/content/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll.md
@@ -50,6 +50,12 @@ Antes de que puedas usar Jekyll para probar un sitio, debes hacer lo siguiente:
   ```
 3. Para previsualizar tu sitio, en tu navegador web, navega hasta `http://localhost:4000`.
 
+{% note %}
+
+**Note:** If you are using Ruby 3.0 and Jekyll 4.2.x or older, you will need to add the `webrick` gem to your project's Gemfile prior to running `bundle install`.
+
+{% endnote %}
+
 ## Actualizar la gema de {% data variables.product.prodname_pages %}
 
 Jekyll es un proyecto de código abierto activo que se actualiza de manera frecuente. Si la gema de `github-pages` de tu computadora está desactualizada con respecto a la gema de `github-pages` del servidor de {% data variables.product.prodname_pages %}, tu sitio puede verse diferente cuando se compile localmente en comparación a cómo se vea cuando se publique en {% data variables.product.product_name %}. Para evitar esto, actualiza de manera regular la gema de `github-pages` en tu computadora.
diff --git a/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md b/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md
index ae41d1224e5b..3e35c0e7b21d 100644
--- a/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md
+++ b/translations/es-ES/content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md
@@ -73,5 +73,5 @@ Casi todo el software depende de el código que otros desarrolladores mantienen
 
 La gráfica de dependencias proporciona una forma genial de visualizar y explorar las depdendencias para un repositorio. Para obtener más información, consulta las secciones "[Acerca de la gráfica de dependencias](/code-security/supply-chain-security/about-the-dependency-graph)" y "[Explorar las dependencias de un repositorio](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository)".
 
-También puedes configurar tu repositorio para que {% data variables.product.company_short %} te alerte automáticamente en cualquier momento en el que se encuentre una vulnerabilidad de seguridad en alguna de tus dependencias. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
+También puedes configurar tu repositorio para que {% data variables.product.company_short %} te alerte automáticamente en cualquier momento en el que se encuentre una vulnerabilidad de seguridad en alguna de tus dependencias. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
 {% endif %}
diff --git a/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md b/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md
index d2e6c666bc9a..63c5ea85d9c1 100644
--- a/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md
+++ b/translations/es-ES/content/repositories/working-with-files/using-files/working-with-non-code-files.md
@@ -130,6 +130,12 @@ Por defecto, la representación insertada es de 420 píxeles de ancho por 620 de
 
 {% endtip %}
 
+{% if mermaid %}
+### Rendering in Markdown
+
+You can embed ASCII STL syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-stl-3d-models)."
+{% endif %}
+
 ## Representar datos CSV y TSV
 
 GitHub admite la representación de datos tabulares en la forma de archivos *.csv* (separados por coma) y .*tsv* (separados por pestaña).
@@ -233,7 +239,7 @@ Cuando haces clic en el ícono de papel a la derecha, también verás los cambio
 
 ![Captura de pantalla de conmutación de representación de fuente](/assets/images/help/repository/source-render-toggle-geojson.png)
 
-### Tipos de Geometry
+### Geometry types
 
 Los mapas en {% data variables.product.product_name %} utilizan [Leaflet.js](http://leafletjs.com) y admiten todos los tipos de Geometry indicados en [las especificaciones de geoJSON](http://www.geojson.org/geojson-spec.html) (Point, LineString, Polygon, MultiPoint, MultiLineString, MultiPolygon y GeometryCollection). Los archivos TopoJSON deberían ser del tipo "Topology" y adherir a las especificaciones [topoJSON](https://github.com/mbostock/topojson/wiki/Specification).
 
@@ -274,6 +280,12 @@ Por defecto, el mapa incrustado es 420px x 620px, pero puedes personalizar el re
 
 {% endtip %}
 
+{% if mermaid %}
+### Mapping in Markdown
+
+You can embed geoJSON and topoJSON directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)."
+{% endif %}
+
 ### Agrupación
 
 Si tu mapa contiende una gran cantidad de marcadores (aproximadamente más de 750), GitHub automáticamente agrupará marcadores cercanos en niveles superiores de zoom. Simplemente haz clic la agrupación o el zoom de acercamiento para ver los marcadores individuales.
@@ -292,7 +304,7 @@ Por otra parte, si tu archivo `.geojson` es particularmente grande (superior a 1
 
 Todavía se podrían representar los datos al convertir el archivo `.geojson` a [TopoJSON](https://github.com/mbostock/topojson), un formato de compresión que, en algunos casos, puede reducir el tamaño del archivo hasta un 80 %. Por supuesto, siempre puedes partir el archivo en fragmentos más pequeños (como por estado o por año), y almacenar los datos como archivos múltiples dentro del repositorio.
 
-### Recursos adicionales
+### Leer más
 
 * [Documentación Leaflet.js geojson](http://leafletjs.com/examples/geojson.html)
 * [Documentación de estilización de marcador MapBox](http://www.mapbox.com/developers/simplestyle/)
@@ -320,3 +332,44 @@ $ jupyter nbconvert --to html <em>NOTEBOOK-NAME.ipynb</em>
 
 - [Repositorio GitHub de notebook Jupyter](https://github.com/jupyter/jupyter_notebook)
 - [Galería de notebooks Jupyter](https://github.com/jupyter/jupyter/wiki/A-gallery-of-interesting-Jupyter-Notebooks)
+
+{% if mermaid %}
+## Displaying Mermaid files on {% data variables.product.prodname_dotcom %}
+
+{% data variables.product.product_name %} supports rendering Mermaid files within repositories. Commit the file as you would normally using a `.mermaid` or `.mmd` extension. Then, navigate to the path of the Mermaid file on {% data variables.product.prodname_dotcom %}.
+
+For example, if you add a `.mmd` file with the following content to your repository:
+
+```
+graph TD
+    A[Friend's Birthday] -->|Get money| B(Go shopping)
+    B --> C{Let me think}
+    C -->|One| D["Cool <br> Laptop"]
+    C -->|Two| E[iPhone]
+    C -->|Three| F[fa:fa-car Car]
+```
+
+When you view the file in the repository, it is rendered as a flow chart. ![Rendered mermaid file diagram](/assets/images/help/repository/mermaid-file-diagram.png)
+
+### Solución de problemas
+
+If your chart does not render at all, verify that it contains valid Mermaid Markdown syntax by checking your chart with the [Mermaid live editor](https://mermaid.live/edit).
+
+If the chart displays, but does not appear as you'd expect, you can create a new [feedback discussion](https://github.com/github/feedback/discussions/categories/general-feedback), and add the `mermaid` tag.
+
+#### Problemas conocidos
+
+* Sequence diagram charts frequently render with additional padding below the chart, with more padding added as the chart size increases. This is a known issue with the Mermaid library.
+* Actor nodes with popover menus do not work as expected within sequence diagram charts. This is due to a discrepancy in how JavaScript events are added to a chart when the Mermaid library's API is used to render a chart.
+* Not all charts are a11y compliant. This may affect users who rely on a screen reader.
+
+### Mermaid in Markdown
+
+You can embed Mermaid syntax directly in Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams)."
+
+### Leer más
+
+* [Mermaid.js documentation](https://mermaid-js.github.io/mermaid/#/)
+* [Mermaid.js live editor](https://mermaid.live/edit)
+{% endif %}
+
diff --git a/translations/es-ES/content/rest/reference/deploy_keys.md b/translations/es-ES/content/rest/reference/deploy_keys.md
new file mode 100644
index 000000000000..6c6e6d3f37c4
--- /dev/null
+++ b/translations/es-ES/content/rest/reference/deploy_keys.md
@@ -0,0 +1,17 @@
+---
+title: Deploy Keys
+intro: The Deploy Keys API allows to create an SSH key that is stored on your server and grants access to a GitHub repository.
+allowTitleToDifferFromFilename: true
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - API
+miniTocMaxHeadingLevel: 3
+---
+
+<!--
+  Operations are automatically generated below. Markdown for subcategories is located in data/reusables/rest-reference/keys
+-->
diff --git a/translations/es-ES/content/rest/reference/deployments.md b/translations/es-ES/content/rest/reference/deployments.md
index 58fa4aca8edd..be49557e511f 100644
--- a/translations/es-ES/content/rest/reference/deployments.md
+++ b/translations/es-ES/content/rest/reference/deployments.md
@@ -1,6 +1,6 @@
 ---
 title: Implementaciones
-intro: 'The deployments API allows you to create and delete deploy keys, deployments, and deployment environments.'
+intro: The deployments API allows you to create and delete deployments and deployment environments.
 allowTitleToDifferFromFilename: true
 versions:
   fpt: '*'
diff --git a/translations/es-ES/content/rest/reference/index.md b/translations/es-ES/content/rest/reference/index.md
index a61999b33984..7a273eb81404 100644
--- a/translations/es-ES/content/rest/reference/index.md
+++ b/translations/es-ES/content/rest/reference/index.md
@@ -22,6 +22,7 @@ children:
   - /collaborators
   - /commits
   - /dependabot
+  - /deploy_keys
   - /deployments
   - /emojis
   - /enterprise-admin
diff --git a/translations/es-ES/data/features/mermaid.yml b/translations/es-ES/data/features/mermaid.yml
index 09870e35f9fe..db633f907dcc 100644
--- a/translations/es-ES/data/features/mermaid.yml
+++ b/translations/es-ES/data/features/mermaid.yml
@@ -1,8 +1,8 @@
 ---
-#Issue 5812 and 6172
-#Mermaid syntax support
+#Issues 5812 and 6172, also 6411
+#Mermaid syntax support, also ASCII STL and geoJSON/topoJSON syntax support
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.5'
+  ghes: '>=3.6'
   ghae: 'issue-6172'
diff --git a/translations/es-ES/data/learning-tracks/code-security.yml b/translations/es-ES/data/learning-tracks/code-security.yml
index d23de46bf803..53a7ba5dbadd 100644
--- a/translations/es-ES/data/learning-tracks/code-security.yml
+++ b/translations/es-ES/data/learning-tracks/code-security.yml
@@ -18,39 +18,39 @@ dependabot_alerts:
   title: 'Obtén notificaciones para las dependencias vulnerables'
   description: 'Configurar al Dependabot para alertarte sobre vulnerabilidades nuevas en tus dependencias.'
   guides:
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies
+    - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts
     - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+    - /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts
+    - /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts
+    - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
+    - /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies
+    - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
 #Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track
 dependabot_security_updates:
   title: 'Obtén solicitudes de cambios para actualizar tus dependencias vulnerables'
   description: 'Configurar al Dependabot para crear solicitudes de cambios cuando se reporten vulnerabilidades nuevas.'
   guides:
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates
+    - /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
+    - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
     - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}'
     - '{% ifversion fpt or ghec or ghes > 3.2 %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
+    - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
     - '{% ifversion fpt or ghec or ghes > 3.2 %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}'
 #Feature available only on dotcom and GHES 3.3+
 dependency_version_updates:
   title: 'Mantén tus dependencias actualizadas'
   description: 'Utilizar el Dependabot para verificar lanzamientos nuevos y crear solicitudes de cambios para actualizar tus dependencias.'
   guides:
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot
-    - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates
-    - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors
+    - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
+    - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+    - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
+    - /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+    - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+    - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+    - /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates
+    - /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot
+    - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
+    - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
 #Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there.
 secret_scanning:
   title: 'Escanear en búsqueda de secretos'
diff --git a/translations/es-ES/data/product-examples/code-security/code-examples.yml b/translations/es-ES/data/product-examples/code-security/code-examples.yml
index d652a07c64b0..3dbd1a0007b3 100644
--- a/translations/es-ES/data/product-examples/code-security/code-examples.yml
+++ b/translations/es-ES/data/product-examples/code-security/code-examples.yml
@@ -24,7 +24,7 @@
   #Security policies
   title: Microsoft security policy template
   description: Política de seguridad de ejemplo
-  href: https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md
+  href: /microsoft/repo-templates/blob/main/shared/SECURITY.md
   tags:
     - Política de seguridad
 - 
diff --git a/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md b/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md
new file mode 100644
index 000000000000..c6a6029e70d5
--- /dev/null
+++ b/translations/es-ES/data/reusables/code-scanning/alert-default-branch.md
@@ -0,0 +1 @@
+The status and details on the alert page only reflect the state of the alert on the default branch of the repository, even if the alert exists in other branches. You can see the status of the alert on non-default branches in the **Affected branches** section on the right-hand side of the alert page. If an alert doesn't exist in the default branch, the status of the alert will display as "in pull request" or "in branch" and will be colored grey.
\ No newline at end of file
diff --git a/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md b/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md
new file mode 100644
index 000000000000..4df28a76d5b9
--- /dev/null
+++ b/translations/es-ES/data/reusables/code-scanning/filter-non-default-branches.md
@@ -0,0 +1 @@
+Please note that if you have filtered for alerts on a non-default branch, but the same alerts exist on the default branch, the alert page for any given alert will still only reflect the alert's status on the default branch, even if that status conflicts with the status on a non-default branch. For example, an alert that appears in the "Open" list in the summary of alerts for `branch-x` could show a status of "Fixed" on the alert page, if the alert is already fixed on the default branch. You can view the status of the alert for the branch you filtered on in the  **Affected branches** section on the right side of the alert page.
\ No newline at end of file
diff --git a/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md b/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md
index 03135127fadf..b62c55d55b8a 100644
--- a/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md
+++ b/translations/es-ES/data/reusables/dependabot/private-dependencies-note.md
@@ -1 +1 @@
-Cuando ejecutas actualizaciones de versión o de seguridad, algunos ecosistemas deberán poder resolver todas las dependencias de su fuente para verificar que las actualizaciones sean exitosas. Si tus archivos de manifiesto o de bloqueo contienen cualquier dependencia privada, el {% data variables.product.prodname_dependabot %} deberá poder acceder a la ubicación en la que se hospedan dichas dependencias. Los propietarios de las organizaciones pueden otorgar acceso al {% data variables.product.prodname_dependabot %} para los repositorios privados que contengan dependencias para un proyecto dentro de la misma organización. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". Puedes configurar el acceso a los registros privados en el archivo de configuración _dependabot.yml_ de un repositorio. Para obtener más información, consulta la sección "[Opciones de configuración para las actualizaciones de dependencias](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)".
+Cuando ejecutas actualizaciones de versión o de seguridad, algunos ecosistemas deberán poder resolver todas las dependencias de su fuente para verificar que las actualizaciones sean exitosas. Si tus archivos de manifiesto o de bloqueo contienen cualquier dependencia privada, el {% data variables.product.prodname_dependabot %} deberá poder acceder a la ubicación en la que se hospedan dichas dependencias. Los propietarios de las organizaciones pueden otorgar acceso al {% data variables.product.prodname_dependabot %} para los repositorios privados que contengan dependencias para un proyecto dentro de la misma organización. Para obtener más información, consulta la sección "[Administrar la configuración de seguridad y análisis para tu organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies)". Puedes configurar el acceso a los registros privados en el archivo de configuración _dependabot.yml_ de un repositorio. For more information, see "[Configuration options for the dependabot.yml file](/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-private-registries)."
diff --git a/translations/es-ES/data/reusables/dependabot/result-discrepancy.md b/translations/es-ES/data/reusables/dependabot/result-discrepancy.md
new file mode 100644
index 000000000000..cd5055354ad5
--- /dev/null
+++ b/translations/es-ES/data/reusables/dependabot/result-discrepancy.md
@@ -0,0 +1 @@
+Los resultados de la detección de dependencias que reporta {% data variables.product.product_name %} pueden ser diferentes a aquellos que devuelven otras herramientas. Esto está justificado y es útil el entender cómo {% data variables.product.prodname_dotcom %} determina las dependencias para tu proyecto.
diff --git a/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md b/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md
index 9f4b64aa2dee..366124f1fe72 100644
--- a/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md
+++ b/translations/es-ES/data/reusables/repositories/github-reviews-security-advisories.md
@@ -1,3 +1,3 @@
 {% data variables.product.prodname_dotcom %} revisará cada asesoría de seguridad que se haya publicado, la agregará a la {% data variables.product.prodname_advisory_database %}, y podría utilzar esta asesoría de seguridad para enviar {% data variables.product.prodname_dependabot_alerts %} a los repositorios que se vean afectados. Si la asesoría de seguridad viene de una bifurcación, únicamente enviaremos una alerta si ésta tiene un paquete que se publique con un nombre único y esté en un registro de paquetes público. Este proceso puede tomar hasta 72 horas y {% data variables.product.prodname_dotcom %} podría contactarte para obtener más información.
 
-Para obtener más información sobre las {% data variables.product.prodname_dependabot_alerts %}, consulta las secciones "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" y "[Acerca de las {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)". Para obtener más información acerca de la {% data variables.product.prodname_advisory_database %}, consulta la sección "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)".
+For more information about {% data variables.product.prodname_dependabot_alerts %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-dependabot-security-updates)." Para obtener más información acerca de la {% data variables.product.prodname_advisory_database %}, consulta la sección "[Buscar vulnerabilidades de seguridad en la {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)".
diff --git a/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md b/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md
index 6b866fa8680a..e6e2e2b256c5 100644
--- a/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md
+++ b/translations/es-ES/data/reusables/repositories/security-alert-delivery-options.md
@@ -1,4 +1,4 @@
 {% ifversion not ghae %}
 Si tu repositorio cuenta con un manifiesto compatible de la dependencia
-{% ifversion fpt or ghec %} (y si configuraste la gráfica de dependencias en caso de que sea un repositorio privado){% endif %}, cada que {% data variables.product.product_name %} detecte una dependencia vulnerable en éste, recibirás un resumen semanal por correo electrónico. También puedes configurar tus alertas de seguridad y notificaciones web, notificaciones individuales por correo electrónico, resúmenes diarios por correo electrónico o alertas en la interfaz de {% data variables.product.product_name %}. Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
+{% ifversion fpt or ghec %} (y si configuraste la gráfica de dependencias en caso de que sea un repositorio privado){% endif %}, cada que {% data variables.product.product_name %} detecte una dependencia vulnerable en éste, recibirás un resumen semanal por correo electrónico. También puedes configurar tus alertas de seguridad y notificaciones web, notificaciones individuales por correo electrónico, resúmenes diarios por correo electrónico o alertas en la interfaz de {% data variables.product.product_name %}. Para obtener más información, consulta la sección "[Acerca de{% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)".
 {% endif %}
diff --git a/translations/es-ES/data/reusables/rest-reference/deployments/keys.md b/translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md
similarity index 91%
rename from translations/es-ES/data/reusables/rest-reference/deployments/keys.md
rename to translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md
index 23b36b1d075b..1324e759c82c 100644
--- a/translations/es-ES/data/reusables/rest-reference/deployments/keys.md
+++ b/translations/es-ES/data/reusables/rest-reference/deploy_keys/deploy_keys.md
@@ -1,5 +1,3 @@
-## Llaves de implementación
-
 {% data reusables.repositories.deploy-keys %}
 
 Las llaves de despliegue pueden ya sea configurarse utilizando las siguientes terminales de la API, o mediante GitHub. Para aprender cómo configurar las llaves de despliegue en GitHub, consulta la sección "[Administrar las llaves de despliegue](/developers/overview/managing-deploy-keys)".
\ No newline at end of file
diff --git a/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md b/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md
index b06cba6d113e..65fa7117036c 100644
--- a/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md
+++ b/translations/es-ES/data/reusables/webhooks/repository_vulnerability_alert_short_desc.md
@@ -1 +1 @@
-Actividad relacionada con las alertas de vulnerabilidades de seguridad en un repositorio. {% data reusables.webhooks.action_type_desc %} Para obtener más información, consulta la sección "[Acerca de las alertas para las dependencias vulnerables](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)".
+Actividad relacionada con las alertas de vulnerabilidades de seguridad en un repositorio. {% data reusables.webhooks.action_type_desc %} For more information, see the "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)".
diff --git a/translations/log/es-resets.csv b/translations/log/es-resets.csv
index 5ada01d4f869..008987b785ef 100644
--- a/translations/log/es-resets.csv
+++ b/translations/log/es-resets.csv
@@ -118,24 +118,6 @@ translations/es-ES/content/code-security/guides.md,Listed in localization-suppor
 translations/es-ES/content/code-security/index.md,Listed in localization-support#489
 translations/es-ES/content/code-security/secret-scanning/about-secret-scanning.md,Listed in localization-support#489
 translations/es-ES/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates.md,broken liquid tags
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/index.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/listing-dependencies-configured-for-version-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-dependabot-errors.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md,Listed in localization-support#489
-translations/es-ES/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md,Listed in localization-support#489
 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md,Listed in localization-support#489
 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md,Listed in localization-support#489
 translations/es-ES/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md,Listed in localization-support#489