Enabling alerts for vulnerable dependencies on GitHub Enterprise Server

You can connect tu instancia de servidor de GitHub Enterprise to GitHub Enterprise Cloud and enable security alerts for vulnerable dependencies in repositories in your instance.

Site administrators for Servidor de GitHub Enterprise who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable security alerts for vulnerable dependencies on Servidor de GitHub Enterprise.

En este artículo

About alerts for vulnerable dependencies on Servidor de GitHub Enterprise
Enabling security alerts for vulnerable dependencies on Servidor de GitHub Enterprise
Viewing vulnerable dependencies on Servidor de GitHub Enterprise

About alerts for vulnerable dependencies on Servidor de GitHub Enterprise

Agregamos vulnerabilidades a la GitHub Advisory Database desde las siguientes fuentes:

La National Vulnerability Database
Una combinación de aprendizaje automático y revisión humana para detectar vulnerabilidades en confirmaciones públicas en GitHub
Asesorías de seguridad que se reportan en GitHub
The npm Security advisories database
FriendsOfPHP For more information, see "About alerts for vulnerable dependencies."

You can connect tu instancia de servidor de GitHub Enterprise to GitHub.com, then sync vulnerability data to your instance and generate security alerts in repositories with a vulnerable dependency.

After connecting tu instancia de servidor de GitHub Enterprise to GitHub.com and enabling security alerts for vulnerable dependencies, vulnerability data is synced from GitHub.com to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from tu instancia de servidor de GitHub Enterprise is uploaded to GitHub.com.

When tu instancia de servidor de GitHub Enterprise receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send security alerts to owners and people with admin access in those repositories. They can customize how they receive security alerts. For more information, see "About alerts for vulnerable dependencies."

Enabling security alerts for vulnerable dependencies on Servidor de GitHub Enterprise

Before enabling security alerts for vulnerable dependencies on tu instancia de servidor de GitHub Enterprise, you must connect tu instancia de servidor de GitHub Enterprise to GitHub.com. For more information, see "Connecting Servidor de GitHub Enterprise to GitHub Enterprise Cloud."

Ingresa en tu instancia de servidor de GitHub Enterprise a través de http(s)://HOSTNAME/login.
In the administrative shell, enable the security alerts for vulnerable dependencies on tu instancia de servidor de GitHub Enterprise:
```
$ ghe-dep-graph-enable
```
Return to Servidor de GitHub Enterprise.
En la esquina superior derecha de cualquier página, da clic en .
En la barra lateral izquierda, haga clic en Enterprise.
En la barra lateral de la cuenta de empresa, haz clic en Settings (Configuraciones).
En la barra lateral izquierda, haz clic en GitHub Connect.
Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select Enabled.

Viewing vulnerable dependencies on Servidor de GitHub Enterprise

You can view all vulnerabilities in tu instancia de servidor de GitHub Enterprise and manually sync vulnerability data from GitHub.com to update the list.

En la esquina superior derecha de cualquier página, da clic en .
In the left sidebar, click Vulnerabilities.
To sync vulnerability data, click Sync Vulnerabilities now.