Viewing and updating vulnerable dependencies in your repository

If GitHub Enterprise discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.

Repository administrators and organization owners can view and update dependencies.

Your repository's GitHub Dependabot alerts tab lists all open and closed GitHub Dependabot alerts. You can sort the list of alerts using the drop-down menu, and you can click into specific alerts for more details. For more information, see "About alerts for vulnerable dependencies."

Viewing and updating vulnerable dependencies

  1. On GitHub Enterprise, navigate to the main page of the repository.
  2. Under your repository name, click Security.
  3. In the security sidebar, click alerts.
  4. Click the alert you'd like to view.
  5. Review the details of the vulnerability and determine whether or not you need to update the dependency.
  6. Merging a pull request that updates the manifest or lock file to a secure version of the dependency resolves the alert. Alternatively, if you decide not to update the dependency, click the Dismiss drop-down, and select a reason for dismissing the alert.
