diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
index 8eccec990738..6295f0b741c6 100644
--- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md
+++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
@@ -56,10 +56,12 @@ In all views, there are two methods for filtering results by repository name. You can also filter by repository visibility (internal, private, or public) and archive status. | Qualifier | Description | Views | -|--------|--------|------|{% ifversion security-overview-dashboard %} -| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics{% endif %} -| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage" -| `archived` | Display only data for archived (`true`) or active (`false`) repositories. | All except "Alerts" views +|--------|--------|------| +| {% ifversion security-overview-dashboard %} | +| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics | +| {% endif %} | +| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage" | +| `archived` | Display only data for archived (`true`) or active (`false`) repositories. | All except "Alerts" views | ## Team and topic filters 
@@ -96,9 +98,9 @@ In enterprise-level views, you can limit the data to repositories owned by a sin | Qualifier | Description | Views | | -------- | -------- | ------ | -| `owner` | Display data for all repositories owned by one account owner. | Most views -| `owner-type` | Display data for all repositories owned by an organization or a user account in your enterprise. | "Risk", "Coverage" and {% data variables.secret-scanning.alerts %} -| `org` | Display data for repositories owned by one organization. | {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_code_scanning %} alerts +| `owner` | Display data for all repositories owned by one account owner. | Most views | +| `owner-type` | Display data for all repositories owned by an organization or a user account in your enterprise. | "Risk", "Coverage" and {% data variables.secret-scanning.alerts %} | +| `org` | Display data for repositories owned by one organization. | {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_code_scanning %} alerts | {% elsif security-overview-org-risk-coverage-enterprise %}
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md
index 1525b410ad8d..683eb437e186 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md 
@@ -47,8 +47,6 @@ Dependency review is available when dependency graph is enabled for {% data vari {% endif %} -{% ifversion dependency-review-action-configuration %} - ## About configuring the {% data variables.dependency-review.action_name %} {% data reusables.dependency-review.dependency-review-action-overview %}
@@ -58,11 +56,13 @@ Here is a list of common configuration options. For more information, and a ful | Option | Required | Usage | |------------------|-------------------------------|--------| | `fail-on-severity` | {% octicon "x" aria-label="Optional" %} | Defines the threshold for level of severity (`low`, `moderate`, `high`, `critical`).
The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | -{%- ifversion dependency-review-action-licenses %} -| `allow-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.|{% endif %} -{%- ifversion dependency-review-action-licenses %} -| `deny-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.|{% endif %}{% ifversion dependency-review-action-fail-on-scopes %} -| `fail-on-scopes` | {% octicon "x" aria-label="Optional" %} | Contains a list of strings representing the build environments you want to support (`development`, `runtime`, `unknown`).
The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list.|{% endif %} +| {% ifversion dependency-review-action-licenses %} | +| `allow-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of allowed licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that do not match the list.| +| {% endif %} | +| {% ifversion dependency-review-action-licenses %} | +| `deny-licenses` | {% octicon "x" aria-label="Optional" %} | Contains a list of prohibited licenses. You can find the possible values for this parameter in the [Licenses](/rest/licenses) page of the API documentation.
The action will fail on pull requests that introduce dependencies with licenses that match the list.| +| {% endif %} | +| `fail-on-scopes` | {% octicon "x" aria-label="Optional" %} | Contains a list of strings representing the build environments you want to support (`development`, `runtime`, `unknown`).
The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list.| | `comment-summary-in-pr` | {% octicon "x" aria-label="Optional" %} | Enable or disable the reporting of the review summary as a comment in the pull request. If enabled, you must give the workflow or job the `pull-requests: write` permission. | | `allow-ghsas` | {% octicon "x" aria-label="Optional" %} | Contains a list of {% data variables.product.prodname_advisory_database %} IDs that can be skipped during detection. You can find the possible values for this parameter in the [{% data variables.product.prodname_advisory_database %}](https://github.com/advisories). | | `config-file` | {% octicon "x" aria-label="Optional" %} | Specifies a path to a configuration file. The configuration file can be local to the repository or a file located in an external repository.|
@@ -74,7 +74,6 @@ Here is a list of common configuration options. For more information, and a ful **Tip:** The `allow-licenses` and `deny-licenses` options are mutually exclusive. {% endtip %} -{% endif %} ## Configuring the {% data variables.dependency-review.action_name %}
@@ -144,11 +143,9 @@ Notice that all of the examples use a short version number for the action (`v3`) # ([String]). Skip these {% data variables.product.prodname_advisory_database %} IDs during detection (optional) # Possible values: Any valid {% data variables.product.prodname_advisory_database %} ID from https://github.com/advisories allow-ghsas: GHSA-abcd-1234-5679, GHSA-efgh-1234-5679 - {% ifversion dependency-review-action-fail-on-scopes %} # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: development, runtime - {% endif %} ``` 
@@ -214,13 +211,11 @@ Notice that all of the examples use a short version number for the action (`v3`) allow-ghsas: - GHSA-abcd-1234-5679 - GHSA-efgh-1234-5679 - {% ifversion dependency-review-action-fail-on-scopes %} # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: - development - runtime - {% endif %} ```
diff --git a/package-lock.json b/package-lock.json
index d1c98a01b4fd..9090ceaa50c7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -124,7 +124,7 @@ "@types/semver": "^7.5.8", "@types/tcp-port-used": "1.0.4", "@typescript-eslint/eslint-plugin": "^7.13.0", - "@typescript-eslint/parser": "^7.13.0", + "@typescript-eslint/parser": "^7.14.1", "chalk": "^5.0.1", "change-case": "^5.4.4", "commander": "^12.1.0",
@@ -3512,15 +3512,15 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "7.13.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.13.0.tgz", - "integrity": "sha512-EjMfl69KOS9awXXe83iRN7oIEXy9yYdqWfqdrFAYAAr6syP8eLEFI7ZE4939antx2mNgPRW/o1ybm2SFYkbTVA==", + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.14.1.tgz", + "integrity": "sha512-8lKUOebNLcR0D7RvlcloOacTOWzOqemWEWkKSVpMZVF/XVcwjPR+3MD08QzbW9TCGJ+DwIc6zUSGZ9vd8cO1IA==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "7.13.0", - "@typescript-eslint/types": "7.13.0", - "@typescript-eslint/typescript-estree": "7.13.0", - "@typescript-eslint/visitor-keys": "7.13.0", + "@typescript-eslint/scope-manager": "7.14.1", + "@typescript-eslint/types": "7.14.1", + "@typescript-eslint/typescript-estree": "7.14.1", + "@typescript-eslint/visitor-keys": "7.14.1", "debug": "^4.3.4" }, "engines": { 
@@ -3539,6 +3539,81 @@ } } }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.14.1.tgz", + "integrity": "sha512-gPrFSsoYcsffYXTOZ+hT7fyJr95rdVe4kGVX1ps/dJ+DfmlnjFN/GcMxXcVkeHDKqsq6uAcVaQaIi3cFffmAbA==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.14.1", + "@typescript-eslint/visitor-keys": "7.14.1" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.14.1.tgz", + "integrity": "sha512-mL7zNEOQybo5R3AavY+Am7KLv8BorIv7HCYS5rKoNZKQD9tsfGUpO4KdAn3sSUvTiS4PQkr2+K0KJbxj8H9NDg==", + "dev": true, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.14.1.tgz", + "integrity": "sha512-k5d0VuxViE2ulIO6FbxxSZaxqDVUyMbXcidC8rHvii0I56XZPv8cq+EhMns+d/EVIL41sMXqRbK3D10Oza1bbA==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.14.1", + "@typescript-eslint/visitor-keys": "7.14.1", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + 
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.14.1.tgz", + "integrity": "sha512-Crb+F75U1JAEtBeQGxSKwI60hZmmzaqA3z9sYsVm8X7W5cwLEm5bRe0/uXS6+MR/y8CVpKSR/ontIAIEPFcEkA==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "7.14.1", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/scope-manager": { "version": "7.13.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.13.0.tgz",
diff --git a/package.json b/package.json
index 041f15b408e8..8787c3e23382 100644
--- a/package.json
+++ b/package.json
@@ -340,7 +340,7 @@
 "@types/semver": "^7.5.8",
 "@types/tcp-port-used": "1.0.4",
 "@typescript-eslint/eslint-plugin": "^7.13.0",
- "@typescript-eslint/parser": "^7.13.0",
+ "@typescript-eslint/parser": "^7.14.1",
 "chalk": "^5.0.1",
 "change-case": "^5.4.4",
 "commander": "^12.1.0",