Merge pull request #18184 from github/2764-dependabot-improvements

mchammer01 · web-flow · commit a863bc43468b · 2021-03-12T14:01:22.000Z
Dependabot docs improvements
diff --git a/content/github/administering-a-repository/about-dependabot-version-updates.md b/content/github/administering-a-repository/about-dependabot-version-updates.md
@@ -22,6 +22,8 @@ When {% data variables.product.prodname_dependabot %} identifies an outdated dep
 
 If you enable security updates, {% data variables.product.prodname_dependabot %} also raises pull requests to update vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
 {% data reusables.dependabot.dependabot-tos %}
 
 ### Frequency of {% data variables.product.prodname_dependabot %} pull requests
diff --git a/content/github/managing-security-vulnerabilities/about-dependabot-security-updates.md b/content/github/managing-security-vulnerabilities/about-dependabot-security-updates.md
@@ -22,6 +22,10 @@ The {% data variables.product.prodname_dependabot_security_updates %} feature is
 
 {% endnote %}
 
+You can enable a related feature, {% data variables.product.prodname_dependabot_version_updates %}, so that {% data variables.product.prodname_dependabot %} raises pull requests to update the manifest to the latest version of the dependency, whenever it detects an outdated dependency. For more information, see "[About {% data variables.product.prodname_dependabot %} version updates](/github/administering-a-repository/about-dependabot-version-updates)."
+
+{% data reusables.dependabot.pull-request-security-vs-version-updates %}
+
 ### About pull requests for security updates
 
 Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository.
diff --git a/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md
@@ -76,6 +76,8 @@ You can enable or disable features for all repositories. {% if currentVersion ==
    ![Button to enable feature for all the eligible repositories in the organization](/assets/images/enterprise/github-ae/organizations/security-and-analysis-enable-secret-scanning-existing-repos-ghae.png)
    {% endif %}
 
+   {% data reusables.security.displayed-information %}
+
 ### Enabling or disabling a feature automatically when new repositories are added
 
 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
diff --git a/content/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account.md b/content/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account.md
@@ -28,6 +28,8 @@ For an overview of repository-level security, see "[About securing your reposito
 7. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories you own.
   ![Button to disable or enable feature](/assets/images/help/settings/security-and-analysis-enable-dependency-graph.png)
 
+{% data reusables.security.displayed-information %}
+
 ### Enabling or disabling features for new repositories
 
 {% data reusables.user_settings.access_settings %}
diff --git a/data/reusables/dependabot/pull-request-security-vs-version-updates.md b/data/reusables/dependabot/pull-request-security-vs-version-updates.md
@@ -0,0 +1,4 @@
+When {% data variables.product.prodname_dependabot %} raises pull requests, these pull requests could be for _security_ or _version_ updates:
+
+- {% data variables.product.prodname_dependabot_security_updates %} are automated pull requests that help you update dependencies with known vulnerabilities. 
+- {% data variables.product.prodname_dependabot_version_updates %} are automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities. To check the status of version updates, navigate to the Insights tab of your repository, then Dependency Graph, and {% data variables.product.prodname_dependabot %}.
diff --git a/data/reusables/security/displayed-information.md b/data/reusables/security/displayed-information.md
@@ -0,0 +1,7 @@
+When you enable one or more security and analysis features for existing repositories, you will see any results displayed on {% data variables.product.prodname_dotcom %} within minutes:
+
+- All the existing repositories will have the selected configuration.
+- New repositories will follow the selected configuration if you've enabled the checkbox for new repositories.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+- We use the permissions to scan for manifest files to apply the relevant services.
+- You'll see information on your dependency graph.
+- {% data variables.product.prodname_dotcom %} will generate {% data variables.product.prodname_dependabot_alerts %}{% endif %}{% if currentVersion == "free-pro-team@latest" %} and raise pull requests{% endif %}. 
