Add networking requirement to Dependabot on self-hosted runners artic…

…le (#52924) Co-authored-by: Art Leo <[email protected]>
github · Nov 1, 2024 · e576141 · e576141
1 parent 8935c41
commit e576141
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/data/reusables/dependabot/dependabot-runners-network-requirements.md b/data/reusables/dependabot/dependabot-runners-network-requirements.md
@@ -1 +1,6 @@
 {% data variables.product.prodname_dependabot %} runners require access to the public internet, {% data variables.product.prodname_dotcom_the_website %}, and any internal registries that will be used in {% data variables.product.prodname_dependabot_updates %}. To minimize the risk to your internal network, you should limit access from the Virtual Machine (VM) to your internal network. This reduces the potential for damage to internal systems if a runner were to download a hijacked dependency.
+
+{% ifversion fpt or ghec %}
+You must also allow outbound traffic to `dependabot-actions.githubapp.com` to prevent the jobs for {% data variables.product.prodname_dependabot_security_updates %} from failing. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github)."
+
+{% endif %}