Prioritizing Dependabot alerts with Dependabot auto-triage rules

You can use Dependabot auto-triage rules to prioritize Dependabot alerts.

Note: Dependabot auto-triage rules are currently in beta and are subject to change.

About Dependabot auto-triage rules

Dependabot auto-triage rules are a powerful tool to help you better manage your security alerts at scale. GitHub presets are rules curated by GitHub that you can use to filter out a substantial number of false positives. Custom auto-triage rules give you control over which alerts are ignored, which are snoozed, and which trigger a Dependabot security update to resolve the alert.

Using GitHub preset rules to prioritize Dependabot alerts

You can use GitHub presets, which are rules curated by GitHub, to auto-dismiss low-impact development alerts for npm dependencies.

Customizing auto-triage rules to prioritize Dependabot alerts

You can create your own auto-triage rules to control which alerts are dismissed or snoozed, and which alerts you want Dependabot to open pull requests for.

Managing alerts that have been automatically dismissed by a Dependabot auto-triage rule

You can filter to see which alerts have been auto-dismissed by a rule, and you can reopen dismissed alerts.