Merge branch 'main' into main

Author: ashis-baral

Dockerfile

@@ -10,7 +10,7 @@
 # ---------------------------------------------------------------
 # To update the sha:
 # https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
-FROM ghcr.io/github/gh-base-image/gh-base-noble:20260616-174421-gbe30bd25c@sha256:ff51e3a814bf958736588a809c5adc5cc15fe6c74bdb701296a08f86691bc67b AS base
+FROM ghcr.io/github/gh-base-image/gh-base-noble:20260622-194245-g8d7fb0aeb@sha256:ec6e933b7e49fcafd02cab5d31a179a96fa9badd127b39eb153bbe2affee9e48 AS base
 
 # Install curl for Node install and determining the early access branch
 # Install git for cloning docs-early-access & translations repos

content/account-and-profile/concepts/account-management.md

@@ -48,7 +48,7 @@ For more information, see the following articles.
 * [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)
 * [AUTOTITLE](/account-and-profile/reference/personal-account-reference#account-deletion)
 
-To delete your personal account, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account).
+To delete your personal account, see [AUTOTITLE](/account-and-profile/how-tos/account-management/deleting-your-personal-account).
 
 ## About unlinking your email address
 

content/account-and-profile/concepts/email-addresses.md

@@ -55,7 +55,7 @@ You can also choose to block commits you push from the command line that expose
 
 To ensure that commits are attributed to you and appear in your contributions graph, use an email address that is connected to your account on {% data variables.product.github %}{% ifversion fpt or ghec %}, or the `noreply` email address provided to you in your email settings{% endif %}.
 
-For more information, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address).
+For more information, see [AUTOTITLE](/account-and-profile/how-tos/email-preferences/setting-your-commit-email-address).
 
 ## Next steps
 

content/account-and-profile/concepts/username-changes.md

@@ -63,4 +63,4 @@ After changing your username, CODEOWNERS files that include your old username wi
 
 ## Next steps
 
-To change your username, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/changing-your-username).
+To change your username, see [AUTOTITLE](/account-and-profile/how-tos/account-management/changing-your-username).

content/account-and-profile/how-tos/email-preferences/adding-an-email-address-to-your-github-account.md

@@ -34,6 +34,6 @@ category:
 
 ## Next steps
 
-If you are having trouble adding an email address, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/troubleshooting-adding-an-email).
+If you are having trouble adding an email address, see [AUTOTITLE](/account-and-profile/how-tos/email-preferences/troubleshooting-adding-an-email).
 
 For reference information, see [AUTOTITLE](/account-and-profile/reference/email-addresses-reference).

content/account-and-profile/tutorials/personalize-your-profile.md

@@ -128,4 +128,4 @@ You can set a status to display information about your current availability.
 
 * For reference information, see [AUTOTITLE](/account-and-profile/reference/profile-reference).
 
-* For more detailed profile customizations, see [AUTOTITLE](/account-and-profile/how-tos/setting-up-and-managing-your-github-profile).
+* For more detailed profile customizations, see [AUTOTITLE](/account-and-profile/how-tos).

content/code-security/concepts/supply-chain-security/automatic-dependabot-access-to-github-registries.md

@@ -0,0 +1,45 @@
+---
+title:  Automatic Dependabot access to {% data variables.product.github %}-hosted registries
+intro: 'Keep your private dependencies up to date reliably by granting {% data variables.product.prodname_dependabot %} automatic access to {% data variables.product.prodname_registry %} and {% data variables.product.prodname_container_registry %}, so you never need to create or rotate credentials for these registries.'
+versions:
+  feature: org-automatic-registry-access
+shortTitle: Automatic registry access
+allowTitleToDifferFromFilename: true
+contentType: concepts
+category:
+  - Secure your dependencies
+---
+
+## About automatic access to {% data variables.product.github %}-hosted registries
+ 
+{% data variables.product.prodname_dependabot %} can authenticate to private {% data variables.product.prodname_registry %} and {% data variables.product.prodname_container_registry %} packages using the same access grants that {% data variables.product.prodname_actions %} workflows use. If a package has granted your repository **Read** access in the package settings on {% data variables.product.github %}, {% data variables.product.prodname_dependabot %} can access that package automatically.
+ 
+This eliminates the need to:
+ 
+* Create and manage {% data variables.product.pat_generic_plural %} for registry access
+* Manually configure access to {% data variables.product.github %}-hosted registries in your `dependabot.yml` file 
+* Rotate credentials when tokens expire
+ 
+## How automatic access works
+ 
+{% data variables.product.prodname_dependabot %} uses its `GITHUB_TOKEN` to request `packages: read` permission when pulling from `*.pkg.github.com` and {% data variables.product.prodname_container_registry_namespace %}. Any package that has granted your repository access through "Manage Actions access" accepts this token, the same way it would for a regular {% data variables.product.prodname_actions %} workflow. See [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package).git s
+ 
+This works for every {% data variables.product.prodname_registry %} ecosystem that {% data variables.product.prodname_dependabot %} supports.
+ 
+## When to use automatic access
+ 
+Use automatic access to {% data variables.product.github %}-hosted registries when:
+ 
+* Your repositories depend on private packages stored in {% data variables.product.prodname_registry %} or {% data variables.product.prodname_container_registry %}.
+* You want to reduce credential management overhead.
+* You want to avoid silent update failures caused by expired {% data variables.product.pat_generic_plural %}.
+ 
+For third-party registries (such as Artifactory, Azure Artifacts, or Nexus), you can only use the `dependabot.yml` registry configuration or organization-level private registry settings. See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot).
+ 
+## How to enable automatic access
+ 
+For each package that {% data variables.product.prodname_dependabot %} needs to read, you need to go to the package's settings page and add the repository that runs {% data variables.product.prodname_dependabot %} with **Read** access. See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#configuring-private-github-hosted-registries).
+ 
+Once the repository has been granted access, {% data variables.product.prodname_dependabot %} can pull from that package automatically. You do not need to configure the `dependabot.yml` file, and you can remove any existing {% data variables.product.pat_generic %}-based registry entries you previously added for these packages.
+ 
+For more information about configuring package access, see [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package).

content/code-security/concepts/supply-chain-security/index.md

@@ -22,10 +22,10 @@ children:
   - dependabot-pull-requests
   - multi-ecosystem-updates
   - about-the-dependabot-yml-file
+  - automatic-dependabot-access-to-github-registries
   - dependabot-auto-triage-rules
   - dependabot-on-actions
   - dependabot-job-logs
   - immutable-releases
   - linked-artifacts
 ---
-

content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md

@@ -81,6 +81,19 @@ Any private registries used by the build must also be accessible to the workflow
 
 When you configure access to one or more private registries, {% data variables.product.prodname_dependabot %} can propose pull requests to upgrade a vulnerable dependency or to maintain a dependency, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot).
 
+{% ifversion org-automatic-registry-access %}
+
+### Automatic access to {% data variables.product.github %}-hosted registries
+ 
+For packages stored in {% data variables.product.prodname_registry %} and {% data variables.product.prodname_container_registry %}, {% data variables.product.prodname_dependabot %} can authenticate automatically without {% data variables.product.pat_generic_plural %} or `dependabot.yml` registry configuration. 
+
+{% data variables.product.prodname_dependabot %} uses its `GITHUB_TOKEN` to request read access, reusing the same package access grants that {% data variables.product.prodname_actions %} workflows use.
+ 
+To enable this, grant the repository **Read** access to each package in the package settings. Once access is granted, {% data variables.product.prodname_dependabot %} can pull from those packages automatically, and you can remove any {% data variables.product.pat_generic %}-based registry entries you previously configured for them.
+ 
+See [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#configuring-private-github-hosted-registries).
+{% endif %}
+
 {% ifversion org-private-registry-oidc %}
 
 ### Configuring OIDC authentication for a private registry

content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-access-to-private-registries.md

@@ -29,8 +29,41 @@ For specific ecosystems, you can configure {% data variables.product.prodname_de
 
 {% ifversion dependabot-on-actions-self-hosted %}To allow {% data variables.product.prodname_dependabot %} access to registries hosted privately or restricted to internal networks, configure {% data variables.product.prodname_dependabot %} to run on {% data variables.product.prodname_actions %} self-hosted runners. For more information, see [AUTOTITLE](/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners).{% endif %}
 
+{% ifversion org-automatic-registry-access %}
+
+## Configuring private {% data variables.product.github %}-hosted registries
+
+For packages stored in {% data variables.product.prodname_registry %} or {% data variables.product.prodname_container_registry %}, {% data variables.product.prodname_dependabot %} can authenticate automatically using its `GITHUB_TOKEN`. This uses the same "Manage Actions access" grants that {% data variables.product.prodname_actions %} workflows use. No {% data variables.product.pat_generic_plural %} or `dependabot.yml` registry entries are required.git push
+
+The `dependabot.yml` registry configuration using {% data variables.product.pat_generic_title_case %}-based registry entries and described in [Configuring private third-party registries](#configuring-private-third-party-registries) is still required for third-party private registries (such as Artifactory, Azure Artifacts, or Nexus).
+ 
+To grant {% data variables.product.prodname_dependabot %} access to a private package:
+
+ {% data reusables.package_registry.package-settings-from-org-level %}
+ {% data reusables.package_registry.package-settings-option %}
+ {% data reusables.package_registry.package-settings-actions-access %}
+ 1. {% data reusables.package_registry.package-settings-add-repo %}. 
+    Search for the repository where {% data variables.product.prodname_dependabot %} runs, and select it.
+ {% data reusables.package_registry.package-settings-actions-access-role-repo %}
+    Select **Read** as the access level. {% data variables.product.prodname_dependabot %} only needs read access to pull packages.
+
+You need to repeat these steps for each private package that you want {% data variables.product.prodname_dependabot %} to access.
+ 
+Once access is granted, {% data variables.product.prodname_dependabot %} can pull from those packages automatically. You can remove any {% data variables.product.pat_generic %}-based registry entries in `dependabot.yml` that you previously configured for these packages.
+ 
+> [!NOTE]
+> This method works for every {% data variables.product.prodname_registry %} ecosystem that {% data variables.product.prodname_dependabot %} supports, including container images in {% data variables.product.prodname_container_registry %}.
+ 
+For more information about how automatic access works, see [AUTOTITLE](/code-security/concepts/supply-chain-security/automatic-dependabot-access-to-github-registries). For more information about package access settings, see [AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package).
+
+## Configuring private third-party registries
+
+{% else %}
+
 ## Configuring private registries
 
+{% endif %}
+
 {% ifversion org-private-registry %}
 
 You can configure {% data variables.product.prodname_dependabot %}'s access to private registries at the org-level.