You can browse the GitHub Advisory Database to find advisories for security risks in open source projects that are hosted on GitHub.
You can submit improvements to any advisory published in the GitHub Advisory Database.
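GitHub sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.
Enable the relevant option so that Dependabot alerts are generated when a new vulnerable dependency is found in one of your repositories.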
If GitHub discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
Optimize how you receive notifications about Dependabot alerts.