Your repository's Dependabot alerts tab lists all open and closed Dependabot alerts. You can sort the list of alerts using the drop-down menu, and you can click into specific alerts for more details. For more information, see "About alerts for vulnerable dependencies."
- On GitHub Enterprise Server, navigate to the main page of the repository.
- Under your repository name, click Security.
- In the security sidebar, click Dependabot alerts.
- Click the alert you'd like to view.
- Review the details of the vulnerability and determine whether or not you need to update the dependency.
- When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, click the Dismiss drop-down, and select a reason for dismissing the alert.