
Configuring Dependabot alerts

Enable Dependabot alerts to be generated when a new vulnerable dependency is found in one of your repositories.

About Dependabot alerts for vulnerable dependencies

A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or of other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.

Dependabot scans code when a new advisory is added to the GitHub Advisory Database or the dependency graph for a repository changes. When vulnerable dependencies are detected, Dependabot alerts are generated. For more information, see "About Dependabot alerts."

You can enable or disable Dependabot alerts for:

  • Your personal account
  • Your repository
  • Your organization

Managing Dependabot alerts for your personal account

Dependabot alerts for your repositories can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."

Managing Dependabot alerts for your repository

Dependabot alerts for your repository can be enabled or disabled by your enterprise owner. For more information, see "Enabling Dependabot for your enterprise."

Managing Dependabot alerts for your organization

Dependabot alerts for your organization can be enabled or disabled by your enterprise owner. For more information, see "About Dependabot for GitHub Enterprise Server."