When Dependabot detects vulnerable dependencies in a repository, it generates alerts. For more information, see Dependabot alerts.
You can enable or disable Dependabot alerts for:
- Your personal account
- Your repository
- Your organization
- Your enterprise
Hinweis
An enterprise owner must first set up Dependabot for your enterprise before you can configure Dependabot alerts. For more information, see Aktivieren von Dependabot für dein Unternehmen.
Managing Dependabot alerts for your personal account
Dependabot alerts for your repositories can be enabled or disabled by your enterprise owner. For more information, see Aktivieren von Dependabot für dein Unternehmen.
Managing Dependabot alerts for your repository
You can manage Dependabot alerts for your public, private or internal repository.
By default, we notify people with write, maintain, or admin permissions in the affected repositories about new Dependabot alerts. GitHub never publicly discloses insecure dependencies for any repository. You can also make Dependabot alerts visible to additional people or teams working on repositories that you own or have admin permissions for.
An enterprise owner must first set up Dependabot for your enterprise before you can manage Dependabot alerts for your repository. For more information, see Aktivieren von Dependabot für dein Unternehmen.
Enabling or disabling Dependabot alerts for a repository
-
Navigieren Sie auf GitHub zur Hauptseite des Repositorys.
-
Klicke unter dem Repositorynamen auf Settings. Wenn die Registerkarte „Einstellungen“ nicht angezeigt wird, wähle im Dropdownmenü die Option Einstellungen aus.
-
Klicke im Abschnitt „Security“ der Randleiste auf Advanced Security.
-
Under "Advanced Security", to the right of Dependabot alerts, click Enable to enable alerts or Disable to disable alerts.
Managing Dependabot alerts for your organization
You can enable Dependabot alerts for all eligible repositories in your organization. For more information, see Enabling security features at scale.
Managing Dependabot alerts for your enterprise
Security configurations, which are collections of security settings, allow you to manage Dependabot alerts for your enterprise. You can configure your own custom security configuration to have the enablement settings to meet the specific security needs of your enterprise. See Creating a custom security configuration for your enterprise.
Managing Dependabot alerts at scale with rules
Darüber hinaus können Sie Dependabot auto-triage rules verwenden, um Ihre Warnungen in großem Umfang zu verwalten, so dass Sie Warnungen automatisch ignorieren oder den Standbymodus aktivieren können und angeben können, für welche Warnungen Dependabot Pull Requests öffnen soll. Weitere Informationen zu den verschiedenen Typen von Regeln für die automatische Triage und zu den Berechtigungen deiner Repositorys findest du unter Dependabot auto-triage rules.