About Dependabot alerts for vulnerable dependencies
A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or of other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.
Dependabot scans code when a new advisory is added to the GitHub Advisory Database or when the dependency graph for a repository changes. When vulnerable dependencies are detected, Dependabot alerts are generated. For more information, see "About Dependabot alerts."
You can enable or disable Dependabot alerts for:
- Your personal account
- Your repository
- Your organization
Managing Dependabot alerts for your personal account
Dependabot alerts for your repositories can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."
Managing Dependabot alerts for your repository
Dependabot alerts for your repository can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."
Managing Dependabot alerts for your organization
Dependabot alerts for your organization can be enabled or disabled by your enterprise owner. For more information, see "About Dependabot for GitHub Enterprise Server."