Need help understanding global settings for code security #123160
Unanswered
piotrekkr
asked this question in
Code Security
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Question
Body
I need some help with understanding how some setting for organizations work. This is how organization settings look like:
And to be honest I don't really understand much of what is going on there. Here are my questions:
dependabot.yaml
? Is this correct? If not would those apply only if there isdependabot.yaml
?Grouped security updates
- What happens if I check/uncheck this setting? Will it enable grouping on all repos inside organization? Will it enable grouping even if I havedependabot.yaml
inside defined but without any settings related to grouping inside?Automatically enable for new repositories
- This setting is really close toDependabot on self-hosted runners
so my guess is that it is for just self hosted runners. Am I correct or is it for both Actions runners and self-hosted? Or maybe this is to enable dependabot but somehow misplaced?Recommend the extended query suite for repositories enabling default setup
- What does this do exactly? Where will I see this recommendation?In general would be nice if GitHub added links to docs with each option explaining what it actually does.
Thanks
// EDIT
Found some documentation explaining a bit but then I read this:
and I cannot find this in global settings in organization. Any clue where can I find this?
Beta Was this translation helpful? Give feedback.
All reactions