Your repository's Dependabot alerts tab lists all open and closed Dependabot alerts. You can sort the list of alerts by selecting the drop-down menu, and you can click into specific alerts for more details. For more information, see "About alerts for vulnerable dependencies."
- On your GitHub Enterprise Server instance, navigate to the main page of the repository.
- Under your repository name, click Security.
- In the security sidebar, click Dependabot alerts.
- Click the alert you'd like to view.
- Review the details of the vulnerability and determine whether or not you need to update the dependency.
- When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, select the Dismiss drop-down, and click a reason for dismissing the alert.