我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

Configuring notifications for vulnerable dependencies

Optimize how you receive notifications about Dependabot alerts.

本文内容

About notifications for vulnerable dependencies

When Dependabot detects vulnerable dependencies in your repositories, we generate a Dependabot alert and display it on the Security tab for the repository. GitHub notifies the maintainers of affected repositories about the new alert according to their notification preferences. Dependabot is enabled by default on all public repositories. For Dependabot alerts, by default, you will receive Dependabot alerts by email, grouped by the specific vulnerability.

If you're an organization owner, you can enable or disable Dependabot alerts for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "Managing security and analysis settings for your organization."

Configuring notifications for Dependabot alerts

You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. For more information, see "Configuring notifications."

您可以选择传送您所关注的仓库中Dependabot alerts的方式,以及您接收通知的频率。

默认情况下,您将收到新 Dependabot alerts 的通知:

  • 通过电子邮件收到通知, 每次发现关键或严重性高的漏洞时都会发送电子邮件(每次发现漏洞时发送电子邮件选项)
  • 在用户界面中接收通知,如有任何漏洞依赖项,将在仓库的文件和代码视图中显示警告(UI 警报选项)
  • 在命令行上接收通知,当您推送到具有任何漏洞依赖项的仓库时,警告将显示为回叫(命令行选项)
  • 在收件箱中收到通知,关键或严重性高的新漏洞会显示 Web 通知(Web 选项) 您可以自定义您接收

Dependabot alerts 的通知。 例如,您可以使用 Email a digest summary of vulnerabilities(以电子邮件发送漏洞摘要)Weekly security email digest(每周安全性电子邮件摘要)选项通过电子邮件接收最多 10 个仓库的每周警报摘要。

Dependabot alerts options

Note: You can filter your GitHub inbox notifications to show Dependabot alerts. For more information, see "Managing notifications from your inbox."

影响一个或多个仓库的Dependabot alerts电子邮件通知包含 X-GitHub-Severity 标头字段。 您可以使用 X-GitHub-Severity 标头字段的值过滤Dependabot alerts的电子邮件通知。 For more information, see "Configuring notifications."

How to reduce the noise from notifications for vulnerable dependencies

If you are concerned about receiving too many notifications for Dependabot alerts, we recommend you opt into the weekly email digest, or turn off notifications while keeping Dependabot alerts enabled. You can still navigate to see your Dependabot alerts in your repository's Security tab. For more information, see "Viewing and updating vulnerable dependencies in your repository."

Further reading

此文档对您有帮助吗?

Privacy policy

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。