👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.

Managing alerts for vulnerable dependencies in your organization

Organization owners and repository admins receive GitHub Dependabot alerts when we detect a vulnerable dependency in an organization''s repository. You can specify additional organization members or teams with write access to also receive alerts for vulnerable dependencies.

Note: The code scanning and secret scanning beta includes a new experience for managing people and teams with access to security alerts. If you're participating in the beta, skip the following steps and see "Managing security and analysis settings for your repository."

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
    Repository settings button
  3. In the left sidebar, click Dependabot alerts.
    Dependabot alerts tab in the settings sidebar
  4. Type the name of the person or team you'd like to receive GitHub Dependabot alerts when GitHub detects a vulnerable dependency, then click their username or team name to select it.
  5. After you've selected all of the people or teams you'd like to receive GitHub Dependabot alerts, click Save changes.

Further reading

Ask a human

Can't find what you're looking for?

Contact us