About alerts for vulnerable dependencies on GitHub Enterprise Server
We add vulnerabilities to the GitHub Advisory Database from the following sources:
- The National Vulnerability Database
- A combination of machine learning and human review to detect vulnerabilities in public commits on GitHub
- Security advisories reported on GitHub
- The npm Security advisories database
- FriendsOfPHP
For more information, see "About alerts for vulnerable dependencies."
You can connect your GitHub Enterprise Server instance to GitHub.com, then sync vulnerability data to your instance and generate security alerts in repositories with a vulnerable dependency.
After you connect your GitHub Enterprise Server instance to GitHub.com and enable security alerts for vulnerable dependencies, vulnerability data is synced from GitHub.com to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from your GitHub Enterprise Server instance is uploaded to GitHub.com.
When your GitHub Enterprise Server instance receives information about a vulnerability, it identifies repositories in your instance that use the affected version of the dependency and sends security alerts to owners and people with admin access in those repositories. They can customize how they receive security alerts. For more information, see "About alerts for vulnerable dependencies."
Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server
Before enabling security alerts for vulnerable dependencies on your GitHub Enterprise Server instance, you must connect the instance to GitHub.com. For more information, see "Connecting GitHub Enterprise Server to GitHub Enterprise Cloud."
- Sign in to your GitHub Enterprise Server instance at http(s)://HOSTNAME/login.
- In the administrative shell, enable security alerts for vulnerable dependencies on your GitHub Enterprise Server instance:
  $ ghe-dep-graph-enable
- Return to GitHub Enterprise Server.
- In the upper-right corner of any page, click .
- In the left sidebar, click Enterprise.
- In the enterprise account sidebar, click Settings.
- In the left sidebar, click GitHub Connect.
- Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select Enabled.
Viewing vulnerable dependencies on GitHub Enterprise Server
You can view all vulnerabilities in your GitHub Enterprise Server instance and manually sync vulnerability data from GitHub.com to update the list.
- In the upper-right corner of any page, click .
- In the left sidebar, click Vulnerabilities.
- To sync vulnerability data, click Sync Vulnerabilities now.