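Identifying vulnerabilities in your project's dependencies with Dependabot alerts
Dependabot generates Dependabot alerts when known vulnerabilities are detected in dependencies that your project uses.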
Browsing security advisories in the GitHub Advisory Database
You can browse the GitHub Advisory Database to find advisories for security risks in open source projects that are hosted on GitHub.
Editing security advisories in the GitHub Advisory Database
You can submit improvements to any advisory published in the GitHub Advisory Database.
About Dependabot alerts
GitHub Enterprise Server sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.
Configuring Dependabot alerts
Enable Dependabot alerts to be generated when a new vulnerable dependency is found in one of your repositories.
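Viewing and updating Dependabot alerts
If GitHub Enterprise Server discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
Configuring notifications for Dependabot alerts
Optimize how you receive notifications about Dependabot alerts.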