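About notifications for vulnerable dependencies
When Dependabot detects vulnerable dependencies in your repositories, we generate a Dependabot alert and display it on the Security tab for the repository. GitHub Enterprise Server notifies the maintainers of affected repositories about the new alert according to their notification preferences.
By default, if your enterprise owner has configured email for notifications on your enterprise, you will receive Dependabot alerts by email.
Enterprise owners can also enable Dependabot alerts without notifications. For more information, see "Enabling Dependabot for your enterprise."
Configuring notifications for Dependabot alerts
You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. For more information, see "Configuring notifications."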
You can choose the delivery method for notifications, as well as the frequency at which the notifications are sent to you.
By default, if your site administrator has configured email for notifications on your instance, you will receive Dependabot alerts:
- by email, an email is sent every time a vulnerability is found (Email each time a vulnerability is found option)
- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (UI alerts option)
- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (Command Line option)
- in your inbox, as web notifications (Web option)
You can customize the way you are notified about Dependabot alerts. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.
Note: You can filter your notifications on GitHub to show Dependabot alerts. For more information, see "Managing notifications from your inbox."
Email notifications for Dependabot alerts that affect one or more repositories include the X-GitHub-Severity header field. You can use the value of the X-GitHub-Severity header field to filter email notifications for Dependabot alerts. For more information, see "Configuring notifications."
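One way to filter on this header, as an added example that is not part of GitHub's documentation: a Python sketch that routes raw notification emails by the X-GitHub-Severity value. The severity values (low, moderate, high, critical), the bucket names and the sample messages are assumptions made for the illustration.

```python
from email import message_from_string
from email.policy import default

# Assumed header values, ordered from least to most severe.
SEVERITY_RANK = {"low": 0, "moderate": 1, "high": 2, "critical": 3}

def route(msg, page_at="high"):
    """Pick a bucket for one parsed message (bucket names are hypothetical)."""
    value = msg.get("X-GitHub-Severity")
    if value is None:
        return "other"    # header absent: not a Dependabot alert e-mail
    rank = SEVERITY_RANK.get(str(value).strip().lower())
    if rank is None:
        return "review"   # unrecognised value: keep it visible, never drop it
    return "page" if rank >= SEVERITY_RANK[page_at] else "digest"

def triage(raw_messages, page_at="high"):
    """Group message subjects by bucket so each bucket can be handled differently."""
    buckets = {"page": [], "digest": [], "review": [], "other": []}
    for raw in raw_messages:
        msg = message_from_string(raw, policy=default)
        buckets[route(msg, page_at)].append(str(msg.get("Subject", "")))
    return buckets

def _mail(subject, severity=None):
    """Build a constructed sample message; addresses and subjects are made up."""
    headers = ["From: notifications@ghes.example", f"Subject: {subject}"]
    if severity is not None:
        headers.append(f"X-GitHub-Severity: {severity}")
    return "\n".join(headers) + "\n\nconstructed body\n"

SAMPLES = [
    _mail("alert A", "critical"),
    _mail("alert B", "low"),
    _mail("alert C", "High"),        # case differs from the lookup table
    _mail("alert D", "moderate"),
    _mail("alert E", "urgent"),      # value outside the assumed set
    _mail("pull request comment"),   # ordinary notification, no header
]

if __name__ == "__main__":
    for bucket, subjects in triage(SAMPLES).items():
        print(f"{bucket:7} {subjects}")
```

Messages with an unrecognised severity go to a review bucket instead of being discarded, so a change in the header's values cannot silently hide alerts.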
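How to reduce the noise from notifications for vulnerable dependencies
If you are concerned about receiving too many notifications for Dependabot alerts, we recommend that you opt into the weekly email digest, or turn off notifications while keeping Dependabot alerts enabled. You can still navigate to the Security tab of your repository to view Dependabot alerts. For more information, see "Viewing and updating vulnerable dependencies in your repository."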