From f8bffc6eb7fe153d419138023eedb673221c61ab Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Wed, 14 Jan 2026 06:39:41 +0000 Subject: [PATCH] [EDI] Create a new "Secure your dependencies" map topic within "Tutorials" (#59136) Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> --- .../about-dependabot-version-updates.md | 2 ++ .../dependabot-version-updates/index.md | 27 ------------------- content/code-security/dependabot/index.md | 1 - .../working-with-dependabot/index.md | 3 --- .../code-security/getting-started/index.md | 1 - content/code-security/index.md | 3 ++- .../index.md | 2 -- content/code-security/tutorials/index.md | 1 + ...tomating-dependabot-with-github-actions.md | 5 ++-- .../configuring-multi-ecosystem-updates.md | 8 +++--- .../customizing-dependabot-prs.md | 6 +++-- ...-dependency-review-action-configuration.md | 6 +++-- .../dependabot-quickstart-guide.md | 6 +++-- .../secure-your-dependencies/index.md | 18 +++++++++++++ .../optimizing-pr-creation-version-updates.md | 6 +++-- ...to-run-on-self-hosted-runners-using-arc.md | 3 +++ data/learning-tracks/code-security.yml | 4 +-- 17 files changed, 52 insertions(+), 50 deletions(-) delete mode 100644 content/code-security/dependabot/dependabot-version-updates/index.md rename content/code-security/{dependabot/working-with-dependabot => tutorials/secure-your-dependencies}/automating-dependabot-with-github-actions.md (97%) rename content/code-security/{dependabot/working-with-dependabot => tutorials/secure-your-dependencies}/configuring-multi-ecosystem-updates.md (97%) rename content/code-security/{dependabot/dependabot-version-updates => tutorials/secure-your-dependencies}/customizing-dependabot-prs.md (98%) rename content/code-security/{supply-chain-security/understanding-your-software-supply-chain => tutorials/secure-your-dependencies}/customizing-your-dependency-review-action-configuration.md (95%) rename content/code-security/{getting-started => tutorials/secure-your-dependencies}/dependabot-quickstart-guide.md (98%) create mode 100644 content/code-security/tutorials/secure-your-dependencies/index.md rename content/code-security/{dependabot/dependabot-version-updates => tutorials/secure-your-dependencies}/optimizing-pr-creation-version-updates.md (96%) rename content/code-security/{dependabot/working-with-dependabot => tutorials/secure-your-dependencies}/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md (98%) diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md b/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md index f2efda113234..c81c92dc337e 100644 --- a/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-version-updates.md @@ -11,6 +11,8 @@ redirect_from: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates - /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates + - /code-security/dependabot/dependabot-version-updates + - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically versions: fpt: '*' ghec: '*' diff --git a/content/code-security/dependabot/dependabot-version-updates/index.md b/content/code-security/dependabot/dependabot-version-updates/index.md deleted file mode 100644 index 9e8d02b6774c..000000000000 --- a/content/code-security/dependabot/dependabot-version-updates/index.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Keeping your dependencies updated automatically with Dependabot version updates -intro: You can use {% data variables.product.prodname_dependabot %} to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities. -allowTitleToDifferFromFilename: true -redirect_from: - - /github/administering-a-repository/keeping-your-dependencies-updated-automatically - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically - - /github/administering-a-repository/customizing-dependency-updates - - /code-security/supply-chain-security/customizing-dependency-updates - - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/customizing-dependency-updates - - /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates -versions: - fpt: '*' - ghec: '*' - ghes: '*' -topics: - - Repositories - - Dependabot - - Version updates - - Dependencies - - Pull requests -children: - - /optimizing-pr-creation-version-updates - - /customizing-dependabot-prs -shortTitle: Dependabot version updates ---- - diff --git a/content/code-security/dependabot/index.md b/content/code-security/dependabot/index.md index b322474fc7a7..1617ad94cd7c 100644 --- a/content/code-security/dependabot/index.md +++ b/content/code-security/dependabot/index.md @@ -16,7 +16,6 @@ topics: children: - /dependabot-alerts - /dependabot-auto-triage-rules - - /dependabot-version-updates - /working-with-dependabot - /troubleshooting-dependabot --- diff --git a/content/code-security/dependabot/working-with-dependabot/index.md b/content/code-security/dependabot/working-with-dependabot/index.md index 8c5ea0eafcf4..d3f2f61f7007 100644 --- a/content/code-security/dependabot/working-with-dependabot/index.md +++ b/content/code-security/dependabot/working-with-dependabot/index.md @@ -14,9 +14,6 @@ topics: - Dependencies - Pull requests children: - - /automating-dependabot-with-github-actions - - /configuring-multi-ecosystem-updates - - /setting-dependabot-to-run-on-self-hosted-runners-using-arc - /setting-dependabot-to-run-on-github-hosted-runners-using-vnet --- diff --git a/content/code-security/getting-started/index.md b/content/code-security/getting-started/index.md index f4992ca528c8..0cfc335c2485 100644 --- a/content/code-security/getting-started/index.md +++ b/content/code-security/getting-started/index.md @@ -13,7 +13,6 @@ topics: - Vulnerabilities children: - /github-security-features - - /dependabot-quickstart-guide - /quickstart-for-securing-your-repository - /quickstart-for-securing-your-organization - /understanding-github-secret-types diff --git a/content/code-security/index.md b/content/code-security/index.md index a9a1cbedf882..4f09488f0089 100644 --- a/content/code-security/index.md +++ b/content/code-security/index.md @@ -12,7 +12,7 @@ featuredLinks: - '{% ifversion fpt or ghec %}/code-security/getting-started/github-security-features{% endif %}' - /code-security/getting-started/quickstart-for-securing-your-repository - '{% ifversion ghes %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection{% endif %}' - - /code-security/getting-started/dependabot-quickstart-guide + - /code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide - /code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning guideCards: - /code-security/trialing-github-advanced-security/planning-a-trial-of-ghas @@ -59,3 +59,4 @@ children: - /tutorials - /responsible-use --- + diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md index dc542011b04c..688752f9d586 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md @@ -10,8 +10,6 @@ topics: - Repositories shortTitle: Understand your supply chain children: - - /customizing-your-dependency-review-action-configuration - /enforcing-dependency-review-across-an-organization - /troubleshooting-the-dependency-graph --- - diff --git a/content/code-security/tutorials/index.md b/content/code-security/tutorials/index.md index ef6841b008d8..d68285311f25 100644 --- a/content/code-security/tutorials/index.md +++ b/content/code-security/tutorials/index.md @@ -22,6 +22,7 @@ children: - /remediate-leaked-secrets - /secret-scanning-partner-program - /customize-code-scanning + - /secure-your-dependencies - /implement-supply-chain-best-practices - /manage-security-alerts - /improve-code-quality diff --git a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md similarity index 97% rename from content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md rename to content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md index 8cf6baf132a5..d6de57f93ce1 100644 --- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md +++ b/content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md @@ -1,12 +1,12 @@ --- title: Automating Dependabot with GitHub Actions -intro: 'Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks.' +intro: Examples of how you can use {% data variables.product.prodname_actions %} to automate common {% data variables.product.prodname_dependabot %} related tasks. permissions: '{% data reusables.permissions.dependabot-various-tasks %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Actions - Dependabot @@ -18,6 +18,7 @@ topics: shortTitle: Use Dependabot with Actions redirect_from: - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions + - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions --- {% ifversion dependabot-on-actions-opt-in %} diff --git a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md b/content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md similarity index 97% rename from content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md rename to content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md index 504723d8c1cc..91137c4edd70 100644 --- a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md +++ b/content/code-security/tutorials/secure-your-dependencies/configuring-multi-ecosystem-updates.md @@ -1,9 +1,9 @@ --- title: Configuring multi-ecosystem updates for Dependabot -intro: 'Learn how to configure {% data variables.product.prodname_dependabot %} to group updates across different ecosystems so that you receive a single, consolidated pull request per group instead of one pull request for each ecosystem.' +intro: Learn how to configure {% data variables.product.prodname_dependabot %} to group updates across different ecosystems so that you receive a single, consolidated pull request per group instead of one pull request for each ecosystem. permissions: '{% data reusables.permissions.dependabot-yml-configure %}' allowTitleToDifferFromFilename: true -type: how_to +contentType: tutorials versions: fpt: '*' ghec: '*' @@ -14,7 +14,9 @@ topics: - Repositories - Dependencies - Pull requests -shortTitle: Multi-ecosystem updates +shortTitle: Configure multi-ecosystem updates +redirect_from: + - /code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates --- ## About multi-ecosystem updates diff --git a/content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md b/content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md similarity index 98% rename from content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md rename to content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md index c4a310f400a4..4ee29eab82ce 100644 --- a/content/code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs.md +++ b/content/code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs.md @@ -1,13 +1,13 @@ --- title: Customizing Dependabot pull requests to fit your processes -intro: 'Learn how to tailor your Dependabot pull requests to better suit your own internal workflows.' +intro: Learn how to tailor your Dependabot pull requests to better suit your own internal workflows. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Dependabot - Version updates @@ -15,6 +15,8 @@ topics: - Dependencies - Pull requests shortTitle: Customize Dependabot PRs +redirect_from: + - /code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs --- There are various ways to customize your {% data variables.product.prodname_dependabot %} pull requests so that they better suit your own internal processes. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md b/content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md similarity index 95% rename from content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md rename to content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md index 39e2ae2893ae..ff950fbf4b71 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration.md +++ b/content/code-security/tutorials/secure-your-dependencies/customizing-your-dependency-review-action-configuration.md @@ -1,17 +1,19 @@ --- title: Customizing your dependency review action configuration shortTitle: Customize dependency review action -intro: 'Learn how to add a basic customization to your dependency review action configuration.' +intro: Learn how to add a basic customization to your dependency review action configuration. permissions: '{% data reusables.permissions.security-repo-enable %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: tutorial +contentType: tutorials topics: - Dependency graph - Dependencies - Repositories +redirect_from: + - /code-security/supply-chain-security/understanding-your-software-supply-chain/customizing-your-dependency-review-action-configuration --- ## Introduction diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md similarity index 98% rename from content/code-security/getting-started/dependabot-quickstart-guide.md rename to content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md index 492a4ede1bd9..d856f10390af 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md @@ -1,12 +1,12 @@ --- title: Dependabot quickstart guide -intro: 'Find and fix vulnerable dependencies you rely on with {% data variables.product.prodname_dependabot %}.' +intro: Find and fix vulnerable dependencies you rely on with {% data variables.product.prodname_dependabot %}. product: '{% data reusables.gated-features.dependabot-alerts %}' versions: fpt: '*' ghes: '*' ghec: '*' -type: quick_start +contentType: tutorials topics: - Dependabot - Alerts @@ -14,6 +14,8 @@ topics: - Repositories - Dependencies shortTitle: Dependabot quickstart +redirect_from: + - /code-security/getting-started/dependabot-quickstart-guide --- ## About {% data variables.product.prodname_dependabot %} diff --git a/content/code-security/tutorials/secure-your-dependencies/index.md b/content/code-security/tutorials/secure-your-dependencies/index.md new file mode 100644 index 000000000000..d5b67dcd3dad --- /dev/null +++ b/content/code-security/tutorials/secure-your-dependencies/index.md @@ -0,0 +1,18 @@ +--- +title: Secure your dependencies +shortTitle: Secure your dependencies +intro: Build skills to help you keep your dependencies up to date and protected from vulnerabilities using automated tools and workflows. +versions: + fpt: '*' + ghes: '*' + ghec: '*' +contentType: tutorials +children: + - /dependabot-quickstart-guide + - /automating-dependabot-with-github-actions + - /optimizing-pr-creation-version-updates + - /setting-dependabot-to-run-on-self-hosted-runners-using-arc + - /configuring-multi-ecosystem-updates + - /customizing-dependabot-prs + - /customizing-your-dependency-review-action-configuration +--- diff --git a/content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md b/content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md similarity index 96% rename from content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md rename to content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md index 409b9d7d9b4e..89c75b22f00e 100644 --- a/content/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates.md +++ b/content/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates.md @@ -1,13 +1,13 @@ --- title: Optimizing the creation of pull requests for Dependabot version updates -intro: 'Learn how to streamline and efficiently manage your {% data variables.product.prodname_dependabot %} pull requests.' +intro: Learn how to streamline and efficiently manage your {% data variables.product.prodname_dependabot %} pull requests. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.dependabot-yml-configure %}' versions: fpt: '*' ghec: '*' ghes: '*' -type: how_to +contentType: tutorials topics: - Dependabot - Version updates @@ -15,6 +15,8 @@ topics: - Dependencies - Pull requests shortTitle: Optimize PR creation +redirect_from: + - /code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates --- By default, {% data variables.product.prodname_dependabot %} opens a new pull request to update each dependency. When you enable security updates, new pull requests are opened when a vulnerable dependency is found. When you configure version updates for one or more ecosystems, new pull requests are opened when new versions of dependencies are available, with the frequency defined in the `dependabot.yml` file. diff --git a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md b/content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md similarity index 98% rename from content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md rename to content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md index 4d5b45cacf0a..1884bae5defd 100644 --- a/content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md +++ b/content/code-security/tutorials/secure-your-dependencies/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md @@ -11,8 +11,11 @@ topics: - Security updates - Dependencies - Pull requests +contentType: tutorials allowTitleToDifferFromFilename: true shortTitle: Configure ARC +redirect_from: + - /code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc --- ## Working with the {% data variables.product.prodname_actions_runner_controller %} (ARC) diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml index fe0acf7e91e9..07a25ef9116d 100644 --- a/data/learning-tracks/code-security.yml +++ b/data/learning-tracks/code-security.yml @@ -86,13 +86,13 @@ dependency_version_updates: - >- /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates - >- - /code-security/dependabot/dependabot-version-updates/customizing-dependabot-prs + /code-security/tutorials/secure-your-dependencies/customizing-dependabot-prs - >- /code-security/reference/supply-chain-security/dependabot-options-reference - >- /code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot - >- - /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + /code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions - >- /code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/listing-dependencies-configured-for-version-updates - >-