Add users and teams to dependabot security alert information #16671

Merged
mchammer01 merged 4 commits into github:main from aisgbnok:4760-dependabot-explicit-users
Apr 1, 2022

@aisgbnok aisgbnok commented Mar 30, 2022

Why:

Closes #4760

What's being changed:

Viewing and updating Dependabot alerts:

  1. Permissions metadata now includes users and teams that have explicit access.
  2. sidebar-dependabot-alerts.md reusable now informs users of the security permission requirement for dependabot alerts and includes a link to Managing security and analysis settings for your repository.

Permissions (BEFORE): [image]
Permissions (AFTER): [image]

sidebar-dependabot-alerts.md (BEFORE): [image]
sidebar-dependabot-alerts.md (AFTER): [image]

If anyone has any suggestions or improvements, such as wording or grammar, please let me know!

Check off the following:

  • I have reviewed my changes in staging (look for "Automatically generated comment" and click Modified to view your latest changes).
  • For content changes, I have completed the self-review checklist.

Writer impact (This section is for GitHub staff members only):

  • This pull request impacts the contribution experience
    • I have added the 'writer impact' label
    • I have added a description and/or a video demo of the changes below (e.g. a "before and after video")

@github-actions github-actions Bot added the "triage" label (Do not begin working on this issue until triaged by the team) Mar 30, 2022

github-actions Bot commented Mar 30, 2022

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
| --- | --- | --- | --- |
| content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md | Modified | Original | |

@aisgbnok aisgbnok changed the title from "4760 dependabot explicit users" to "Add users and teams to dependabot security alert information" Mar 30, 2022
@ramyaparimi ramyaparimi added the labels "content" (This issue or pull request belongs to the Docs Content team), "waiting for review" (Issue/PR is waiting for a writer's review) and "code security" (Content related to code security), and removed the label "triage" (Do not begin working on this issue until triaged by the team) Mar 30, 2022
@ramyaparimi
Contributor

@aisgbnok
Thanks so much for opening a PR! I'll get this triaged for review ⚡

@mchammer01 mchammer01 self-requested a review March 31, 2022 09:29
@mchammer01
Contributor

I'll review this, today or tomorrow 🙂

@mchammer01 mchammer01 left a comment

@aisgbnok - thanks for improving our docs, LGTM ✨
Just a couple of minor suggestions that I'm going to apply.
Thank you again for your contribution 🥇

Comment thread data/reusables/repositories/sidebar-dependabot-alerts.md Outdated

@mchammer01 mchammer01 left a comment

Approving 👍🏻

@mchammer01 mchammer01 enabled auto-merge April 1, 2022 09:23
@mchammer01 mchammer01 added the "ready to merge" label (This pull request is ready to merge) and removed the "waiting for review" label (Issue/PR is waiting for a writer's review) Apr 1, 2022
@mchammer01 mchammer01 merged commit d9eda89 into github:main Apr 1, 2022
@aisgbnok aisgbnok deleted the 4760-dependabot-explicit-users branch April 1, 2022 09:28

github-actions Bot commented Apr 1, 2022

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Labels

  • code security: Content related to code security
  • content: This issue or pull request belongs to the Docs Content team
  • ready to merge: This pull request is ready to merge

Development

Successfully merging this pull request may close these issues.

Provide instructions for how to allow non admins to see dependabot security alerts

4 participants