Identifying vulnerabilities in your project's dependencies with Dependabot alerts
Dependabot generates Dependabot alerts when known vulnerabilities are detected in dependencies that your project uses.
About Dependabot alerts
GitHub sends Dependabot alerts when we detect that your repository uses a vulnerable dependency or malware.
Configuring Dependabot alerts
Enable Dependabot alerts to be generated when a new vulnerable dependency or malware is found in one of your repositories.
Viewing and updating Dependabot alerts
If GitHub discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
Using alert rules to prioritize Dependabot alerts
You can use Dependabot alert rules to filter out false positive alerts or alerts you're not interested in.
Configuring notifications for Dependabot alerts
Optimize how you receive notifications about Dependabot alerts.