Merged
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -19,6 +19,7 @@ This project has a published GitHub Release line, but no stable support or API g

### Changed

- Synced Dependabot malware alerts and grouped security updates documentation with follow-up Advanced Security UI evidence, while keeping Dependabot version updates deferred.
- Synced product strategy and support public-truth wording with v0.3.0, and expanded the post-release audit guard for stale version and private reporting claims.
- Improved PyPI package metadata with SPDX license metadata, explicit license files, project URLs, and additional classifiers.
- Synced the README source-tree layout with the actual v0.3.0 module structure.
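Review bot: the new first entry under `### Changed` describes Dependabot version updates as "deferred", but the settings table in `docs/DEPENDABOT-DEPENDENCY-GRAPH.md`, changed in this same PR, renames that state from `Deferred` to `Disabled / not configured`. Use the same term here so the changelog and the record it summarizes do not drift, for example "while Dependabot version updates remain disabled / not configured".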
30 changes: 23 additions & 7 deletions docs/DEPENDABOT-DEPENDENCY-GRAPH.md
Expand Up @@ -2,7 +2,7 @@

Status: manual GitHub UI verification record.
Scope: post-v0.3.0 maintenance hardening.
Branch: `security/evaluate-dependabot-dependency-graph`.
Branch: `security/evaluate-dependabot-dependency-graph`; updated by `security/verify-dependabot-settings`.
Date: 2026-06-19.

This document records GitHub repository security settings that affect dependency visibility and Dependabot behavior for `agent-rules-kit`.
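Review bot: the `Date: 2026-06-19` line is unchanged while the `Branch:` line now names a second, follow-up branch, so a reader cannot tell whether the date refers to the original UI capture or to the follow-up verification. Add the follow-up verification date next to the new branch name, or split the header into one dated line per verification pass.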
Expand All @@ -11,15 +11,31 @@ It is not a security guarantee. It does not make `agent-rules-kit` a dependency

## Evidence rules

GitHub repository settings are treated as manual UI evidence in this record.
Evidence is ranked in this record as follows:

1. Official GitHub documentation for feature behavior and supported API endpoints.
2. Read-only terminal/API probes against the live repository.
3. GitHub Advanced Security UI evidence when no clear API field exposes a setting.
4. Trusted external sources only as secondary context, never as the source of truth for this repository state.

In the GitHub `Settings` -> `Advanced Security` page:

- a `Disable` button means the setting is currently enabled;
- an `Enable` button means the setting is currently disabled;
- a `Disabled` dropdown value means the setting is currently disabled.

The GitHub REST API output was treated as best-effort evidence only. In this phase, the `security_and_analysis`, Dependabot alerts, and SBOM API checks did not provide clear positive evidence for every setting, so the GitHub UI remains the source for the manual setting claims below.
The GitHub REST and GraphQL APIs are preferred when they expose clear repository state. The GitHub UI remains the evidence source for settings that were visible in Advanced Security but not clearly exposed by the available API probes in this phase.

Follow-up verification notes from `security/verify-dependabot-settings`:

- `GET /repos/{owner}/{repo}/vulnerability-alerts` returned HTTP `204`, matching GitHub's documented enabled response for vulnerability/dependency alerts;
- `GET /repos/{owner}/{repo}/automated-security-fixes` returned `enabled: true` and `paused: false`;
- `GET /repos/{owner}/{repo}/private-vulnerability-reporting` returned `enabled: true`;
- GraphQL exposed dependency/vulnerability alert fields, including `hasVulnerabilityAlertsEnabled`;
- `GET /repos/{owner}/{repo}/dependabot/alerts` returned an empty list, so no open Dependabot alerts were visible at verification time;
- no REST or GraphQL field was found in this phase that clearly exposes the Grouped security updates or Dependabot malware alerts toggle state;
- the GitHub Advanced Security UI screenshots are therefore the evidence source for the malware alerts and grouped security updates claims;
- no `.github/dependabot.yml` exists, so Dependabot version updates remain not configured by repository file.

## Current repository setting record

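Review bot: the GraphQL bullet in the follow-up notes records that `hasVulnerabilityAlertsEnabled` is exposed but not the value it returned, unlike the neighbouring REST bullets, which record `204`, `enabled: true` and `paused: false`. Record the returned value so the bullet is evidence of repository state rather than of schema. The same list names Advanced Security UI screenshots as the evidence source for the malware alerts and grouped security updates claims without saying where they are kept or when they were captured; a path or capture date would let the claim be rechecked.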
Expand All @@ -30,10 +46,10 @@ The GitHub REST API output was treated as best-effort evidence only. In this pha
| Automatic dependency submission | Disabled / deferred | Advanced Security UI showed `Disabled` | Deferred because the current project has only `pyproject.toml` as a dependency manifest and no lockfile or complex build-time dependency submission need. |
| Dependabot alerts | Enabled | Advanced Security UI showed `Disable` | Alerts depend on dependency graph coverage and GitHub Advisory Database data. |
| Dependabot rules | Present, not fully evaluated | Advanced Security UI showed `1 rule enabled` | This record does not claim what the rule does because the rule content was not inspected. |
| Dependabot malware alerts | Not claimed enabled in this record | Captured UI evidence showed `Enable` | If later enabled, update this record only after the button shows `Disable`. |
| Dependabot malware alerts | Enabled | Advanced Security UI showed `Disable` in the follow-up verification phase | Alerts when malware is detected in dependencies; this is a repository-maintenance signal, not a product guarantee. |
| Dependabot security updates | Enabled | Advanced Security UI showed `Disable` | May open security PRs when Dependabot alerts have available patches. |
| Grouped security updates | Not claimed enabled in this record | Captured UI evidence showed `Enable` | If later enabled, update this record only after the button shows `Disable`. |
| Dependabot version updates | Deferred | Advanced Security UI showed `Enable`; no `.github/dependabot.yml` exists | Version updates require a committed `.github/dependabot.yml` and should be handled in a dedicated phase. |
| Grouped security updates | Enabled | Advanced Security UI showed `Disable` in the follow-up verification phase | Groups available Dependabot alert fixes into one pull request per package manager and manifest directory, unless overridden by rules. |
| Dependabot version updates | Disabled / not configured | Advanced Security UI showed `Enable`; no `.github/dependabot.yml` exists | Version updates require a committed `.github/dependabot.yml` and should be handled in a dedicated phase. |
| CodeQL analysis | Enabled | Advanced Security UI showed CodeQL advanced setup and recent scan | Additional signal only; not a guarantee. |
| Copilot Autofix | Enabled as suggestion source | Advanced Security UI showed `On` | Suggestions must not bypass branch, diff, tests, CI, or PR review. |
| Secret Protection | Enabled | Advanced Security UI showed `Disable` | Keep active; this record does not configure custom patterns. |
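Review bot: the new Notes cells for `Dependabot malware alerts` and `Grouped security updates` state GitHub feature behavior (grouping "into one pull request per package manager and manifest directory, unless overridden by rules") with no source, although the evidence rules added earlier in this file rank official GitHub documentation first for feature behavior. Link the documentation page each description was taken from, or reduce the cell to what was observed for this repository.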
Expand Down Expand Up @@ -92,7 +108,7 @@ Update this record when:
- `.github/dependabot.yml` is added;
- a lockfile is introduced;
- runtime dependencies are added;
- Dependabot malware alerts or grouped security updates are manually verified as enabled;
- Dependabot malware alerts, grouped security updates, or Dependabot version updates change state;
- Dependabot rules are opened and documented;
- GitHub changes the Advanced Security UI or API fields used as evidence;
- the release process starts relying on SBOM or dependency submission evidence.
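Review bot: the reworded trigger "change state" in this list depends on someone noticing the change, and the follow-up notes earlier in this file say no REST or GraphQL field clearly exposes the malware alerts or grouped security updates toggles. State when those two UI-only settings are rechecked (for example as part of the post-release audit), otherwise the `Enabled` rows can go stale without any trigger firing.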
5 changes: 4 additions & 1 deletion docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md
Expand Up @@ -84,7 +84,9 @@ Current repository setting record:
- Dependabot security updates are manually verified as enabled;
- Dependabot version updates are deferred because no `.github/dependabot.yml` exists in this phase;
- automatic dependency submission is deferred;
- malware alerts and grouped security updates are not claimed as enabled in this record unless separately verified by a later UI check.
- Dependabot malware alerts and grouped security updates are manually verified as enabled by the follow-up Advanced Security UI evidence;
- Dependabot version updates remain disabled / not configured because no `.github/dependabot.yml` exists;
- terminal/API probes are preferred for repeatable evidence, while UI evidence is retained only for settings without a clear API state in this phase.

See `docs/DEPENDABOT-DEPENDENCY-GRAPH.md` for the dedicated settings record.

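Review bot: the list now carries two bullets about Dependabot version updates: the unchanged "are deferred because no `.github/dependabot.yml` exists in this phase" and the added "remain disabled / not configured because no `.github/dependabot.yml` exists". Drop the older bullet or merge the two, so the list gives one state under one name.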
Expand All @@ -100,6 +102,7 @@ Recommended future Dependabot phase boundaries:

- inspect and document the existing Dependabot rule before claiming it as a control;
- decide whether to add `.github/dependabot.yml` for version updates in a separate branch;
- keep malware alerts and grouped security updates documented as repository-maintenance signals, not security guarantees;
- do not combine version-update automation with CodeQL, release, or security-policy changes.

## OpenSSF Scorecard
7 changes: 7 additions & 0 deletions scripts/post-release-audit.sh
Expand Up @@ -67,6 +67,13 @@ require_contains docs/THREAT-MODEL.md 'v0\.3\.0 doctor, budget, and explain comm
require_contains docs/PRODUCT-STRATEGY.md 'published v0\.3\.0 GitHub Release and PyPI package line'
require_contains docs/PRODUCT-STRATEGY.md 'Status: published in v0\.3\.0'
require_contains SUPPORT.md 'Private vulnerability reporting is enabled'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'Dependabot malware alerts | Enabled'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'Grouped security updates | Enabled'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'Dependabot version updates | Disabled / not configured'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'Evidence is ranked in this record as follows'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'vulnerability-alerts` returned HTTP `204`'
require_contains docs/DEPENDABOT-DEPENDENCY-GRAPH.md 'private-vulnerability-reporting` returned `enabled: true`'
require_contains docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md 'Dependabot malware alerts and grouped security updates are manually verified as enabled'
require_contains docs/V0.3.0-POST-RELEASE-AUDIT.md 'v0\.3\.0'
printf 'OK: v0.3.0 documentation sanity checks passed.\n'

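Review bot: the three new patterns that contain ` | ` (for example `'Dependabot malware alerts | Enabled'`) only check the table row if `require_contains` treats `|` literally. The neighbouring checks escape dots as `v0\.3\.0`, which suggests the argument is a regular expression; the function body is not in this hunk, but if it uses extended syntax (`grep -E`), the pipe is alternation and the check passes on any line containing ` Enabled`, whatever the malware alerts row says. Escape the pipe for the regex flavor in use, or match these strings as fixed text. These checks also assert the documentation wording only, not the live repository setting, which is worth stating in a comment above them.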