From 53f8234b4e77a23a97cd38bedfdf877519e232c5 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Fri, 23 Oct 2020 11:40:38 +0100 Subject: [PATCH] Reducing noise from notifications for Dependabot/security alerts (#16088) * first stab * fix issues with liquid tags * applied a few fixes and improvements * rewrite options * rewrite for GHES 2.21 * fix liquid versioning (again) * I love liquid tags * swap paragraphs for GHES 2.21 * add link to new article in 2 existing articles * started major rework to avoid info duplication * part of the reorg work * starting the major reorg * fix syntax * rework Configuring notifications article * reorganizing again * more reorg * add new reusable * fix typo * add correct variable * link to correct article for GHES < 2.21 * Update content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md Co-authored-by: Alex Mullans * Apply suggestions from code review Co-authored-by: Felicity Chapman * Update data/reusables/notifications/vulnerable-dependency-notification-options-detailed.md Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> * fix typo reported in #16036 * address comments from code review * yet another commit * polishing * Update content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> * use variables * address more comments * add condition to link as linked article is free-pro-team only * fix condition * remove reusable that had duplicated content * remove incorrect info * fix issue in GHES article * added shortTitle * Apply suggestions from code review Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> * reword for clarity * add more detail Co-authored-by: Alex Mullans Co-authored-by: Felicity Chapman Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> --- ...ependencies-on-github-enterprise-server.md | 7 ++- ...bout-alerts-for-vulnerable-dependencies.md | 29 +--------- ...tifications-for-vulnerable-dependencies.md | 56 +++++++++++++++++++ .../index.md | 1 + .../configuring-notifications.md | 21 +------ .../managing-notifications-from-your-inbox.md | 2 + .../managing-your-subscriptions.md | 2 +- ...ification-delivery-method-customization.md | 3 + ...nerable-dependency-notification-options.md | 29 ++++++++++ 9 files changed, 101 insertions(+), 49 deletions(-) create mode 100644 content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md create mode 100644 data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md create mode 100644 data/reusables/notifications/vulnerable-dependency-notification-options.md diff --git a/content/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server.md b/content/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server.md index e073e896dd52..30b49af88082 100644 --- a/content/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server.md +++ b/content/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server.md @@ -18,10 +18,13 @@ You can connect {% data variables.product.product_location_enterprise %} to {% d After connecting {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %} and enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies, vulnerability data is synced from {% data variables.product.prodname_dotcom_the_website %} to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from {% data variables.product.product_location_enterprise %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}. -{% if currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send {% data variables.product.prodname_dependabot_short %} alerts to owners and people with admin access in those repositories. They can customize how they receive {% data variables.product.prodname_dependabot_short %} alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/#configuring-notifications-for-github-dependabot-alerts)." +{% if currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send {% data variables.product.prodname_dependabot_short %} alerts. You can customize how you receive {% data variables.product.prodname_dependabot_short %} alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-github-dependabot-alerts)." {% endif %} -{% if currentVersion ver_lt "enterprise-server@2.21" or currentVersion == "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send security alerts to owners and people with admin access in those repositories. They can customize how they receive security alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/#configuring-notifications-for-security-alerts)." +{% if currentVersion == "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send security alerts. You can customize how you receive security alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-security-alerts)." +{% endif %} + +{% if currentVersion ver_lt "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and send security alerts. You can customize how you receive security alerts. For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications#choosing-the-delivery-method-for-security-alerts-for-vulnerable-dependencies)." {% endif %} {% if currentVersion ver_gt "enterprise-server@2.21" %} diff --git a/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md b/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md index 5dae79a3e0a8..734552725a4d 100644 --- a/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md +++ b/content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md @@ -74,34 +74,7 @@ We send {% data variables.product.prodname_dependabot_short %} alerts to people We send security alerts to people with admin permissions in the affected repositories by default. {% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. {% endif %} -### Configuring notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} - -{% if currentVersion == "free-pro-team@latest" %} -By default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email, grouped by the specific vulnerability. You can also choose to receive {% data variables.product.prodname_dependabot_alerts %} in a weekly email summarizing alerts for up to 10 of your repositories, in your web notifications, or in the {% data variables.product.product_name %} user interface. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-dependabot-alerts-notification-options)." -{% endif %} - -{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %} -By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %} by email. You can also choose to receive {% data variables.product.prodname_dependabot_alerts %} in a weekly email summarizing alerts for up to 10 of your repositories, in your web notifications, or in the {% data variables.product.product_name %} user interface. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-dependabot-alerts-notification-options)." -{% endif %} - -{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.21" %} -By default, if your site administrator has configured email for notifications on your instance, you will receive security alerts by email. You can also choose to receive security alerts in a weekly email summarizing alerts for up to 10 of your repositories, in your web notifications, or in the {% data variables.product.product_name %} user interface. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#security-alert-notification-options)." -{% endif %} - -{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.21" %} -By default, if your site administrator has configured email for notifications on your instance, you will receive security alerts by email. You can also choose to receive security alerts in a weekly email summarizing alerts for up to 10 of your repositories, in your web notifications, or in the {% data variables.product.product_name %} user interface. For more information, see "[Choosing the delivery method for your notifications -](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications)." -{% endif %} - -{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.20" % %} - -{% if currentVersion ver_gt "enterprise-server@2.21" %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling {% data variables.product.prodname_dependabot_short %} alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %} - -{% if currentVersion ver_lt "enterprise-server@2.22" %}Site administrators can also enable security alerts without notifications. For more information, see "[Enabling security alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %} - -{% endif %} - -{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" % %}{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}"[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#filtering-email-notifications){% else %}"[About email notifications](/github/receiving-notifications-about-activity-on-github/about-email-notifications){% endif %}."{% endif %} +{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %}{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.21" %} For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications)."{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %} For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."{% endif %} {% if currentVersion == "free-pro-team@latest" %} ### Further reading diff --git a/content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md b/content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md new file mode 100644 index 000000000000..dbf47ece953d --- /dev/null +++ b/content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md @@ -0,0 +1,56 @@ +--- +title: Configuring notifications for vulnerable dependencies +shortTitle: Configuring notifications +intro: 'Optimize how you receive notifications about {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts.' +versions: + free-pro-team: '*' + enterprise-server: '>=2.21' +--- + +### About notifications for vulnerable dependencies + +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we send you {% data variables.product.prodname_dependabot_short %} alerts.{% else %}When {% data variables.product.product_name %} detects vulnerable dependencies in your repositories, it sends security alerts.{% endif %}{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_dependabot_short %} is enabled by default on all public repositories. For {% data variables.product.prodname_dependabot_alerts %}, by default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email, grouped by the specific vulnerability. +{% endif %} + +{% if currentVersion == "free-pro-team@latest" %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_short %} alerts for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-features-for-new-repositories)." +{% endif %} + +{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.21" %} +Your site administrator needs to enable security alerts for vulnerable dependencies for {% data variables.product.product_location_enterprise %} before you can use the feature. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %} + +{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.20" %} +By default, if your site administrator has configured email for notifications on your instance, you will receive {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} by email.{% endif %} + +{% if currentVersion ver_gt "enterprise-server@2.21" %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling {% data variables.product.prodname_dependabot_short %} alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %} + +{% if currentVersion ver_lt "enterprise-server@2.22" %}Site administrators can also enable security alerts without notifications. For more information, see "[Enabling security alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %} + +### Configuring notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} + +You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#choosing-your-notification-settings)." + +{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %} +{% data reusables.notifications.vulnerable-dependency-notification-options %} + +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} + ![{% data variables.product.prodname_dependabot_short %} alerts options](/assets/images/help/notifications-v2/dependabot-alerts-options.png) +{% else %} + ![Security alerts options](/assets/images/help/notifications-v2/security-alerts-options.png) +{% endif %} + +{% note %} + +**Note:** You can filter your {% data variables.product.company_short %} inbox notifications to show {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-queries-for-custom-filters)." + +{% endnote %} + +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" % %}{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}"[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#filtering-email-notifications){% else %}"[About email notifications](/github/receiving-notifications-about-activity-on-github/about-email-notifications){% endif %}."{% endif %} + +### How to reduce the noise from notifications for vulnerable dependencies + +If you are concerned about receiving too many notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, we recommend you opt into the weekly email digest, or turn off notifications while keeping {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} enabled. You can still navigate to see your {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} in your repository's Security tab.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."{% endif %} + +### Further reading + +- "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications)" +- "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-is-queries)" diff --git a/content/github/managing-security-vulnerabilities/index.md b/content/github/managing-security-vulnerabilities/index.md index a4285a6d86d7..33684e122b96 100644 --- a/content/github/managing-security-vulnerabilities/index.md +++ b/content/github/managing-security-vulnerabilities/index.md @@ -28,6 +28,7 @@ versions: {% link_in_list /browsing-security-vulnerabilities-in-the-github-advisory-database %} {% link_in_list /about-alerts-for-vulnerable-dependencies %} + {% link_in_list /configuring-notifications-for-vulnerable-dependencies %} {% link_in_list /configuring-github-dependabot-security-updates %} {% link_in_list /viewing-and-updating-vulnerable-dependencies-in-your-repository %} diff --git a/content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md b/content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md index 5c2b46dcb569..223c3f828e39 100644 --- a/content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md +++ b/content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md @@ -163,25 +163,10 @@ If you are a member of more than one organization, you can configure each one to ### Security alert notification options {% endif %} -{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}Choose how you want to receive {% data variables.product.prodname_dependabot_alerts %} for repositories that you are watching. You can receive {% data variables.product.prodname_dependabot_alerts %} in your inbox, as a banner on {% data variables.product.product_name %}, on the command line, through email, or some combination of these options. +{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %} +{% data reusables.notifications.vulnerable-dependency-notification-options %} -If you want to receive {% data variables.product.prodname_dependabot_alerts %} by email, choose whether you want a weekly email summary of vulnerabilities for up 10 repositories or a new email each time a vulnerability is detected. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."{% endif %} - -{% if currentVersion == "enterprise-server@2.21" %}Choose how you want to receive security alerts for repositories that you are watching. You can receive security alerts in your inbox, as a banner on {% data variables.product.product_name %}, on the command line, through email, or some combination of these options. - -If you want to receive security alerts by email, choose whether you want a weekly email summary of vulnerabilities for up 10 repositories or a new email each time a vulnerability is detected. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."{% endif %} - -{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} - ![{% data variables.product.prodname_dependabot_short %} alerts options](/assets/images/help/notifications-v2/dependabot-alerts-options.png) -{% else %} - ![Security alerts options](/assets/images/help/notifications-v2/security-alerts-options.png) -{% endif %} - -{% note %} - -**Note:** You can filter your {% data variables.product.company_short %} inbox notifications by {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-queries-for-custom-filters)." - -{% endnote %} +For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)." {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} diff --git a/content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md b/content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md index 940fb73c593a..fad89fc13084 100644 --- a/content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md +++ b/content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md @@ -124,6 +124,8 @@ To filter notifications for specific activity on {% data variables.product.produ - `is:repository-advisory` - `is:team-discussion` +For information about reducing noise from notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)." + You can also use the `is:` query to describe how the notification was triaged. - `is:saved` diff --git a/content/github/managing-subscriptions-and-notifications-on-github/managing-your-subscriptions.md b/content/github/managing-subscriptions-and-notifications-on-github/managing-your-subscriptions.md index e9253f1908bd..c76a24f0c7f0 100644 --- a/content/github/managing-subscriptions-and-notifications-on-github/managing-your-subscriptions.md +++ b/content/github/managing-subscriptions-and-notifications-on-github/managing-your-subscriptions.md @@ -38,7 +38,7 @@ When you unsubscribe from notifications in your inbox, they will automatically d {% data reusables.notifications.access_notifications %} 1. From the notifications inbox, select the notifications you want to unsubscribe to. -2. Use the the **selected** {% octicon "triangle-down" aria-label="The down triangle icon" %} drop-down to click **Unsubscribe.** +2. Use the **selected** {% octicon "triangle-down" aria-label="The down triangle icon" %} drop-down to click **Unsubscribe.** ![Unsubcribe option from main inbox](/assets/images/help/notifications-v2/unsubscribe-from-main-inbox.png) ### Unsubscribing from notifications on the subscriptions page diff --git a/data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md b/data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md new file mode 100644 index 000000000000..6b3de47d4c8b --- /dev/null +++ b/data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md @@ -0,0 +1,3 @@ +You can choose the delivery method for notifications about {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} on repositories that you are watching, as well as the frequency at which the notifications are sent to you. + + diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md new file mode 100644 index 000000000000..75a04dc37220 --- /dev/null +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md @@ -0,0 +1,29 @@ +{% if currentVersion == "free-pro-team@latest" %} +By default, you will receive {% data variables.product.prodname_dependabot_alerts %}: +- by email, an email is sent every time a vulnerability is found (**Email each time a vulnerability is found** option) +- in the user interface, as warnings in your repository's file and code views (**UI alerts** option) +- on the command line, as warnings that are displayed as callbacks when you push to repositories with vulnerabilities (**Command Line** option) +- in your inbox, as web notifications (**Web** option) + +You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. +{% endif %} + +{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %} +By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}: +- by email, an email is sent every time a vulnerability is found (**Email each time a vulnerability is found** option) +- in the user interface, as warnings in your repository's file and code views (**UI alerts** option) +- on the command line, as warnings that are displayed as callbacks when you push to repositories with vulnerabilities (**Command Line** option) +- in your inbox, as web notifications (**Web** option) + +You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. +{% endif %} + +{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.22" %} +By default, if your site administrator has configured email for notifications on your instance, you will receive security alerts: +- by email, an email is sent every time a vulnerability is found (**Email each time a vulnerability is found** option) +- in the user interface, as warnings in your repository's file and code views (**UI alerts** option) +- on the command line, as warnings that are displayed as callbacks when you push to repositories with vulnerabilities (**Command Line** option) +- in your inbox, as web notifications (**Web** option) + +You can customize the way you are notified about security alerts. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. +{% endif %}