About notifications for vulnerable dependencies
When Dependabot detects vulnerable dependencies in your repositories, we generate a Dependabot alert and display it on the Security tab for the repository. GitHub Enterprise Server notifies the maintainers of affected repositories about the new alert according to their notification preferences.
By default, if your site administrator has configured email for notifications on your enterprise, you will receive Dependabot alerts by email.
Site administrators can also enable Dependabot alerts without notifications. For more information, see "Enabling Dependabot alerts for vulnerable dependencies on GitHub Enterprise Server."
Configuring notifications for Dependabot alerts
You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. Weitere Informationen findest Du unter „Benachrichtigungen konfigurieren."
You can choose the delivery method for notifications about Dependabot alerts on repositories that you are watching, as well as the frequency at which the notifications are sent to you.
By default, if your site administrator has configured email for notifications on your instance, you will receive Dependabot alerts:
- by email, an email is sent every time a vulnerability is found (Email each time a vulnerability is found option)
- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (UI alerts option)
- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (Command Line option)
- in your inbox, as web notifications (Web option) You can customize the way you are notified about
Dependabot alerts. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.
Note: You can filter your notifications on GitHub to show Dependabot alerts. Weitere Informationen findest Du unter „Benachrichtigungen über Deinen Posteingang verwalten."
Email notifications for Dependabot alerts that affect one or more repositories include the X-GitHub-Severity
header field. You can use the value of the X-GitHub-Severity
header field to filter email notifications for Dependabot alerts. Weitere Informationen findest Du unter „Benachrichtigungen konfigurieren.“
How to reduce the noise from notifications for vulnerable dependencies
If you are concerned about receiving too many notifications for Dependabot alerts, we recommend you opt into the weekly email digest, or turn off notifications while keeping Dependabot alerts enabled. You can still navigate to see your Dependabot alerts in your repository's Security tab.