Configuring automated security updates

You can use automated or manual pull requests to easily update vulnerable dependencies.

About automated security updates

You can enable automated security updates for any repository that uses security alerts and the dependency graph. You can disable automated security updates for an individual repository or for all repositories owned by your user account or organization.

When you receive a security alert about a vulnerable dependency in your repository, you can resolve the vulnerability using an automated security update in a pull request that corresponds to the security alert. Automated security updates are available in repositories that use the dependency graph. By default, GitHub automatically creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. If you prefer, you can disable automatic pull requests and manually create pull requests to upgrade dependencies only when you choose to.

Automated security updates contain everything you need to quickly and safely review and merge a proposed fix into your project, including information about the vulnerability such as release notes, changelog entries, and commit details.

Automated security updates are opened by Dependabot on behalf of GitHub. The Dependabot GitHub App is automatically installed on every repository where automated security updates are enabled.

People with access to your repository's security alerts will see a link to the relevant security alerts, but other people with access to the pull request will not be able to see which vulnerability the pull request resolves.

When you merge a pull request that contains an automated security update, the corresponding security alert is marked as resolved for your repository.

Note: Automated security updates resolve security vulnerabilities only. Automated security updates are not created to resolve vulnerabilities in private registries or packages hosted in private repositories.

Supported repositories

GitHub automatically enables automated security updates for every repository that meets these requirements.

Note: For repositories created before November 2019, GitHub has automatically enabled automated security updates if the repository meets the following criteria and has received at least one push since May 23, 2019.

Requirement | More information
--- | ---
Repository is not a fork | "About forks"
Repository is not archived | "Archiving repositories"
Repository is public, or repository is private and you have enabled read-only analysis by GitHub, dependency graph, and vulnerability alerts in the repository's settings | "Opting into data use for your private repository"
Repository contains dependency manifest file from a package ecosystem that GitHub supports | "Supported package ecosystems"
Automated security updates are not disabled for the repository | "Managing automated security updates for your repository"
Repository is not already using an integration for dependency management | "About integrations"

If automated security updates are not enabled for your repository and you don't know why, you can contact support.
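Before contacting support, the requirements above can be checked across a repository inventory to see which one is unmet. The sketch below is an added example, not GitHub's code: `fork`, `archived` and `private` mirror fields of the REST API repository object, while every other field, the manifest list and the inventory are hypothetical or constructed. It also models the rule described later on this page that a per-repository choice overrides an account- or organization-level opt-out.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample of manifest file names; GitHub's actual list is in
# "Supported package ecosystems" and is not reproduced here.
SAMPLE_MANIFESTS = {"package-lock.json", "Gemfile.lock", "requirements.txt"}

@dataclass
class Repo:
    # fork/archived/private mirror fields of the REST API repository object;
    # every other field is a hypothetical inventory flag.
    name: str
    fork: bool = False
    archived: bool = False
    private: bool = False
    data_use_opt_in: bool = False        # private repos: analysis, graph, alerts on
    manifests: tuple = ()
    repo_setting: Optional[bool] = None  # None = never toggled on the Security tab
    other_integration: bool = False      # another dependency-management integration

def blockers(repo: Repo, owner_opted_out: bool = False) -> list:
    """Return the unmet requirements, in the order the table lists them."""
    found = []
    if repo.fork:
        found.append("repository is a fork")
    if repo.archived:
        found.append("repository is archived")
    if repo.private and not repo.data_use_opt_in:
        found.append("private repository without data-use opt-in")
    if not SAMPLE_MANIFESTS.intersection(repo.manifests):
        found.append("no supported dependency manifest")
    # A per-repository choice overrides the owner-level opt-out.
    disabled = owner_opted_out if repo.repo_setting is None else not repo.repo_setting
    if disabled:
        found.append("automated security updates disabled")
    if repo.other_integration:
        found.append("another dependency-management integration in use")
    return found

# Constructed inventory.
INVENTORY = [
    Repo("web", manifests=("package-lock.json",)),
    Repo("billing", private=True, manifests=("Gemfile.lock",)),
    Repo("legacy", archived=True, manifests=("requirements.txt",), repo_setting=True),
]

def audit(repos, owner_opted_out=False):
    """Map each repository name to its list of blockers (empty = eligible)."""
    return {r.name: blockers(r, owner_opted_out) for r in repos}
```

An empty list means every requirement in the table is met for that repository.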

About compatibility scores

Automated security updates also include compatibility scores to let you know whether updating a vulnerability could cause breaking changes to your project. We look at previously-passing CI tests from public repositories where we've generated a given automated security update to learn whether the update causes tests to fail. An update's compatibility score is the percentage of CI runs that passed when updating between relevant versions of the dependency.

Managing automated security updates for your repository

You can enable or disable automated security updates for an individual repository.

Automated security updates require specific repository settings. For more information, see "Supported repositories."

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Security.

    Security tab

  3. Above the list of alerts, use the drop-down menu and select or unselect Automated security updates.

    Drop-down menu with the option to enable automated security updates

Managing automated security updates for your user account

You can disable automated security updates for all repositories owned by your user account. If you do, you can still enable automated security updates for individual repositories owned by your user account.

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

    Settings icon in the user bar

  2. In the user settings sidebar, click Security.

    Security settings sidebar

  3. Under "Automated security updates", select or deselect Opt out of automated security updates.

    Checkbox to opt out of automated security updates

  4. Click Save.

Managing automated security updates for your organization

Organization owners can disable automated security updates for all repositories owned by the organization. If you do, anyone with admin permissions to an individual repository owned by the organization can still enable automated security updates on that repository.

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.

    Profile photo

  2. On the left side of your profile page, under "Organizations", click the icon for your organization.

    organization icons

  3. Under your organization name, click Settings.

    Organization settings button

  4. In the organization settings sidebar, click Security.

    Security settings

  5. Under "Automated security updates", select or deselect Opt out of automated security updates.

    Checkbox to opt out of automated security updates

  6. Click Save.
