- Регистрация
- 09.02.2010
- Сообщения
- 270
- Реакции
- 41
- Баллы
- 28
- Native language | Родной язык
- English
Since the May beta release of our
Starting today, you can create your own custom rules to control how Dependabot auto-dismisses and reopens alerts, so you can focus on the alerts that matter without worrying about the alerts that don’t. Today’s ship—our public beta of custom auto-triage rules—makes that engine available for everyone, so you can specify and delegate specific decision making tasks to Dependabot with your own custom rules.
Today’s release is part of a series of ships that make it easier to scale your security strategy, whether you’re an open source maintainer or an application developer on a centralized security team. Custom auto-triage rules for Dependabot are free for public repositories and available as part of
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale.
Rules contain criteria that match the targeted alerts, plus the decision that Dependabot will perform on your behalf.
What can you do with rules?
With auto-triage rules, you can proactively filter out false positives, snooze alerts until patch release, and – as rules apply to both future and current alerts – manage existing alerts in bulk.
For any existing or future alerts that match a custom rule, Dependabot will perform the selected behavior accordingly.
Our first public beta release covers ignore and snooze-until-patch functionality with repository-level rules. We will follow-up soon with support for managing rules at the organization-level.
Both are managed via the
Custom rules can target alerts based on multiple criteria, including the below attributes as of today.
GitHub-curated presets–such as
In addition to gathering your feedback during the public beta, we’re working to support additional alert metadata and enforcement options to expand the capabilities of custom rules. We’re also working on new configurability options for Dependabot security updates to give you more control over remediation flows. Keep an eye on the
In the meantime, try out Dependabot’s new auto-triage functionality and
The post
You do not have permission to view link please Вход or Регистрация
that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over 1 in 10 alerts. The impact so far: auto-dismissal of millions of alerts that would have otherwise demanded a developer’s attention to manually assess and triage.Starting today, you can create your own custom rules to control how Dependabot auto-dismisses and reopens alerts, so you can focus on the alerts that matter without worrying about the alerts that don’t. Today’s ship—our public beta of custom auto-triage rules—makes that engine available for everyone, so you can specify and delegate specific decision making tasks to Dependabot with your own custom rules.
Today’s release is part of a series of ships that make it easier to scale your security strategy, whether you’re an open source maintainer or an application developer on a centralized security team. Custom auto-triage rules for Dependabot are free for public repositories and available as part of
You do not have permission to view link please Вход or Регистрация
for private repositories. Together with auto-triage presets and a renewed investment in alert metadata, custom auto-triage rules relieve developers from the overhead of alert management tasks so they can focus on creating great code.What are auto-triage rules?
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale.
Rules contain criteria that match the targeted alerts, plus the decision that Dependabot will perform on your behalf.
What can you do with rules?
With auto-triage rules, you can proactively filter out false positives, snooze alerts until patch release, and – as rules apply to both future and current alerts – manage existing alerts in bulk.
What behaviors can Dependabot perform?
For any existing or future alerts that match a custom rule, Dependabot will perform the selected behavior accordingly.
Our first public beta release covers ignore and snooze-until-patch functionality with repository-level rules. We will follow-up soon with support for managing rules at the organization-level.
Both are managed via the
auto-dismiss alert resolution, which provides visibility into automated decisions, integrates with existing reporting systems and workflows, and ensures that alerts can be reintroduced if alert metadata changes.What alert criteria are supported by custom rules?
Custom rules can target alerts based on multiple criteria, including the below attributes as of today.
| Attribute | Description |
severity | Alert severity, based on CVSS base score, across the following values: low, medium, high, and critical. |
scope | Scope of the dependency: development (devDependency) or runtime (production). |
package-name | Packages, listed by package name. |
cwe | CWEs, listed by CWE ID. |
ecosystem | Ecosystems, listed by ecosystem name. |
manifest | Manifest files, listed by manifest path. |
Who can use this feature?
GitHub-curated presets–such as
You do not have permission to view link please Вход or Регистрация
–are free for everyone and on all repositories. Custom auto-triage rules are available for free on all public repositories, and available as a feature of
You do not have permission to view link please Вход or Регистрация
for private repositories.|
You do not have permission to view link please Вход or Регистрация
to learn more about GitHub Advanced Security. |
What’s next for Dependabot?
In addition to gathering your feedback during the public beta, we’re working to support additional alert metadata and enforcement options to expand the capabilities of custom rules. We’re also working on new configurability options for Dependabot security updates to give you more control over remediation flows. Keep an eye on the
You do not have permission to view link please Вход or Регистрация
for more!In the meantime, try out Dependabot’s new auto-triage functionality and
You do not have permission to view link please Вход or Регистрация
–we’re listening.Learn more:
-
You do not have permission to view link please Вход or Регистрация
-
You do not have permission to view link please Вход or Регистрация
-
You do not have permission to view link please Вход or Регистрация
-
You do not have permission to view link please Вход or Регистрация
-
You do not have permission to view link please Вход or Регистрация
The post
You do not have permission to view link please Вход or Регистрация
appeared first on
You do not have permission to view link please Вход or Регистрация
.
