
Configuring Dependabot alerts

Enable Dependabot alerts to be generated when a new vulnerable dependency or malware is found in one of your repositories.

About Dependabot alerts for vulnerable dependencies and malware

A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or of other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.

Dependabot scans code when a new advisory is added to the GitHub Advisory Database or the dependency graph for a repository changes. When vulnerable dependencies or malware are detected, Dependabot alerts are generated. For more information, see "About Dependabot alerts."

You can enable or disable Dependabot alerts for:

  • Your personal account
  • Your repository
  • Your organization

Managing Dependabot alerts for your personal account

You can enable or disable Dependabot alerts for all repositories owned by your personal account.

Enabling or disabling Dependabot alerts for existing repositories

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

    Settings icon in the user bar

  2. In the "Security" section of the sidebar, click Code security and analysis.

  3. Under "Code security and analysis", to the right of Dependabot alerts, click Disable all or Enable all.

    Screenshot of "Configure security and analysis" features with the "Enable all" or "Disable all" buttons emphasized

  4. Optionally, enable Dependabot alerts by default for new repositories that you create.

    Screenshot of "Enable Dependabot alerts" with the "Enable by default for new private repositories" checkbox emphasized

  5. Click Disable Dependabot alerts or Enable Dependabot alerts to disable or enable Dependabot alerts for all the repositories you own.

    Screenshot of "Enable Dependabot alerts" with the "Enable Dependabot alerts" button emphasized

When you enable Dependabot alerts for existing repositories, you will see any results displayed on GitHub within minutes.

Enabling or disabling Dependabot alerts for new repositories

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

    Settings icon in the user bar

  2. In the "Security" section of the sidebar, click Code security and analysis.

  3. Under "Code security and analysis", to the right of Dependabot alerts, enable or disable Dependabot alerts by default for new repositories that you create.

    Screenshot of "Configure security and analysis" with the "Enable for all new private repositories" checkbox emphasized

Managing Dependabot alerts for your repository

You can manage Dependabot alerts for your public, private, or internal repository.

By default, we notify people with admin permissions in the affected repositories about new Dependabot alerts. GitHub Enterprise Cloud never publicly discloses insecure dependencies for any repository. You can also make Dependabot alerts visible to additional people or teams working on repositories that you own or have admin permissions for.

If you enable security and analysis features, GitHub performs read-only analysis of your repository. For more information, see "About GitHub's use of your data."

Enabling or disabling Dependabot alerts for a repository

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings.

    Repository settings button

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code security and analysis", to the right of Dependabot alerts, click Enable to enable alerts or Disable to disable alerts.

    Screenshot of the "Code security and analysis" section with the button to enable Dependabot security updates
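The per-repository setting above can also be audited and applied in bulk. The following script is an added example (not code from this page or from GitHub) and assumes the REST endpoints GET and PUT /repos/{owner}/{repo}/vulnerability-alerts, where GET answers 204 when Dependabot alerts are enabled and 404 when they are not; the transport is injectable so the logic can be exercised without network access.

```python
"""Audit and enable Dependabot alerts for a list of repositories.

Added example, not GitHub's own code.  Assumes the REST endpoints
GET/PUT /repos/{owner}/{repo}/vulnerability-alerts: GET returns 204
when alerts are enabled and 404 when they are not; PUT enables them.
Note that 404 is also what a repository you cannot administer returns,
so a "disabled" result should be read together with your token scope.
"""
import os
import urllib.error
import urllib.request

API = "https://api.github.com"


def github_send(method, path, token):
    """Real transport: perform one API call and return its HTTP status."""
    req = urllib.request.Request(API + path, method=method)
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def alerts_enabled(owner, repo, send):
    """True if alerts are on (204), False if off (404), error otherwise."""
    status = send("GET", f"/repos/{owner}/{repo}/vulnerability-alerts")
    if status == 204:
        return True
    if status == 404:
        return False
    raise RuntimeError(f"unexpected status {status} for {owner}/{repo}")


def ensure_alerts(owner, repos, send):
    """Enable alerts on every repo that lacks them; return those changed."""
    changed = []
    for repo in repos:
        if alerts_enabled(owner, repo, send):
            continue
        status = send("PUT", f"/repos/{owner}/{repo}/vulnerability-alerts")
        if status != 204:
            raise RuntimeError(f"enable failed ({status}) for {owner}/{repo}")
        changed.append(repo)
    return changed


if __name__ == "__main__":
    # Assumed: GITHUB_TOKEN holds a token with admin rights on the repos.
    token = os.environ["GITHUB_TOKEN"]
    transport = lambda method, path: github_send(method, path, token)
    print(ensure_alerts("example-org", ["repo-a", "repo-b"], transport))
```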

Managing Dependabot alerts for your organization

You can enable or disable Dependabot alerts for all repositories owned by your organization. Your changes affect all repositories.

Enabling or disabling Dependabot alerts for all existing repositories

  1. In the upper-right corner of GitHub.com, click your profile photo, then click Your organizations.

    Your organizations in the profile menu

  2. Next to the organization, click Settings.

    Settings button

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code security and analysis", to the right of Dependabot alerts, click Disable all or Enable all.

    Screenshot of "Configure security and analysis" features with the "Enable all" or "Disable all" button emphasized for Dependabot alerts

  5. Optionally, enable Dependabot alerts by default for new repositories in your organization.

    Screenshot of the "Enable by default" option for new repositories

  6. Click Disable Dependabot alerts or Enable Dependabot alerts to disable or enable Dependabot alerts for all the repositories in your organization.

    Screenshot of the "Enable Dependabot alerts" modal with the button to disable or enable the feature emphasized