GitHub helps you to avoid using third-party software that contains known vulnerabilities.
The GitHub Advisory Database allows you to search for vulnerabilities that affect open source projects on GitHub.
GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository.
Optimize how you receive notifications about Dependabot alerts.
Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates.
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
If GitHub discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.
If the dependency information reported by GitHub is not what you expected, there are a number of points to consider, and various things you can check.
Sometimes Dependabot is unable to raise a pull request to update your dependencies. You can review the error and unblock Dependabot.