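This version of GitHub Enterprise was discontinued on 2021-06-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.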

Configuring notifications for vulnerable dependencies

Optimize how you receive notifications about security alerts.

About notifications for vulnerable dependencies

When GitHub Enterprise Server detects vulnerable dependencies in your repositories, it sends security alerts.

Your site administrator needs to enable security alerts for vulnerable dependencies for your GitHub Enterprise Server instance before you can use the feature. For more information, see "Enabling alerts for vulnerable dependencies on GitHub Enterprise Server."

By default, if your site administrator has configured email for notifications on your enterprise, you will receive security alerts by email.

Site administrators can also enable security alerts without notifications. For more information, see "Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server."

Configuring notifications for security alerts

You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. For more information, see "Configuring notifications."

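You can choose the delivery method for notifications about security alerts on repositories that you are watching, as well as how often you receive them.

By default, if your site administrator has configured email for notifications on your instance, you will receive security alerts:

  • by email, with an email sent every time a vulnerability is found (Email each time a vulnerability is found option)
  • in the user interface, as a warning in your repository's file and code views (UI alerts option)
  • on the command line, where warnings are displayed as callbacks when you push to repositories with any vulnerabilities (Command Line option)
  • in your inbox, as web notifications (Web option)

You can customize the way you are notified about security alerts. For example, you can receive a weekly email digest of alerts for up to 10 repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.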

Security alerts options

Note: You can filter your notifications on GitHub to show security alerts. For more information, see "Managing notifications from your inbox."

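Email notifications for security alerts that affect one or more repositories include the X-GitHub-Severity header field. You can use the value of the X-GitHub-Severity header field to filter email notifications for security alerts. For more information, see "Configuring notifications."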
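One way to act on the X-GitHub-Severity header in a mail-processing script, shown as an added example that is not part of GitHub's documentation. The severity values (low, moderate, high, critical) are an assumption, since this page does not list them, and the sender address, repositories and subjects are constructed sample data.

```python
from email import message_from_string
from email.policy import default

# Assumption: severity values, lowest to highest (this page does not list them).
SEVERITIES = ["low", "moderate", "high", "critical"]

def triage(raw_messages, page_at="high"):
    """Sort raw RFC 5322 messages into buckets by X-GitHub-Severity.

    'page'   : severity at or above page_at
    'digest' : severity below page_at
    'review' : header missing or value unrecognized (never silently dropped)
    """
    threshold = SEVERITIES.index(page_at)
    buckets = {"page": [], "digest": [], "review": []}
    for raw in raw_messages:
        msg = message_from_string(raw, policy=default)
        subject = str(msg["Subject"] or "")
        value = msg["X-GitHub-Severity"]  # header lookup is case-insensitive
        severity = str(value).strip().lower() if value is not None else None
        if severity not in SEVERITIES:
            buckets["review"].append(subject)
        elif SEVERITIES.index(severity) >= threshold:
            buckets["page"].append(subject)
        else:
            buckets["digest"].append(subject)
    return buckets

# Constructed sample messages (host, repositories and subjects are made up).
SAMPLES = [
    "From: noreply@ghes.example.com\nSubject: [octo/api] alert A\nX-GitHub-Severity: critical\n\nbody\n",
    "From: noreply@ghes.example.com\nSubject: [octo/web] alert B\nx-github-severity: Moderate\n\nbody\n",
    "From: noreply@ghes.example.com\nSubject: [octo/cli] alert C\nX-GitHub-Severity: high\n\nbody\n",
    "From: noreply@ghes.example.com\nSubject: [octo/docs] alert D\nX-GitHub-Severity: urgent\n\nbody\n",
    "From: noreply@ghes.example.com\nSubject: [octo/api] PR comment E\n\nbody\n",
]

if __name__ == "__main__":
    for bucket, subjects in triage(SAMPLES).items():
        print(bucket, subjects)
```

Messages with a missing or unrecognized severity go to the review bucket rather than being discarded, so a change in the header's values cannot hide alerts.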

How to reduce the noise from notifications for vulnerable dependencies

If you are concerned about receiving too many notifications for security alerts, we recommend you opt into the weekly email digest, or turn off notifications while keeping security alerts enabled. You can still navigate to see your security alerts in your repository's Security tab.

Further reading