Skip to main content

Configuring Dependabot alerts

Enable Dependabot 警报 to be generated when a new vulnerable dependency is found in one of your repositories.

About Dependabot 警报 for vulnerable dependencies

漏洞是项目代码中的问题,可能被利用来损害机密性、完整性或者该项目或其他使用其代码的项目的可用性。 漏洞的类型、严重性和攻击方法各不相同。

Dependabot scans code when a new advisory is added to the GitHub Advisory Database or the dependency graph for a repository changes. When vulnerable dependencies are detected, Dependabot 警报 are generated. For more information, see "About Dependabot 警报."

You can enable or disable Dependabot 警报 for:

  • Your personal account
  • Your repository
  • Your organization

Managing Dependabot 警报 for your personal account

Dependabot 警报 for your repositories can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."

Managing Dependabot 警报 for your repository

Dependabot 警报 for your repository can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."

Managing Dependabot 警报 for your organization

Dependabot 警报 for your organization can be enabled or disabled by your enterprise owner. For more information, see "About Dependabot for GitHub Enterprise Server."