When Dependabot detects vulnerable dependencies in your repositories, we generate a Dependabot alert and display it on the Security tab for the repository. GitHub AE notifies the maintainers of affected repositories about the new alert according to their notification preferences.
By default, if your enterprise owner has configured email for notifications on your enterprise, you will receive Dependabot alerts by email.
Enterprise owners can also enable Dependabot alerts without notifications. For more information, see "Enabling Dependabot for your enterprise."
You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. For more information, see "Configuring notifications."
通知の配信方法と、通知が送信される頻度を選択できます。 By default, if your enterprise owner has configured email for notifications on your instance, you will receive Dependabot alerts:
- in your inbox, as web notifications. A web notification is sent when Dependabot is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (On GitHub option).
- by email, an email is sent when Dependabot is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (Email option).
- in the user interface, a warning is shown in your repository's file and code views if there are any insecure dependencies (UI alerts option).
- on the command line, warnings are displayed as callbacks when you push to repositories with any insecure dependencies (CLI option).
Note: The email and web notifications are:
per repository when Dependabot is enabled on the repository, or when a new manifest file is committed to the repository.
per organization when a new vulnerability is discovered.
You can customize the way you are notified about Dependabot alerts. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.
Note: You can filter your notifications on GitHub to show Dependabot alerts. For more information, see "Managing notifications from your inbox."
1 つ以上のリポジトリに影響する Dependabot alerts のメール通知には、
X-GitHub-Severity ヘッダー フィールドが含まれます。
X-GitHub-Severity ヘッダー フィールドの値を使用して、Dependabot alerts のメール通知をフィルター処理できます。 For more information, see "Configuring notifications."
If you are concerned about receiving too many notifications for Dependabot alerts, we recommend you opt into the weekly email digest, or turn off notifications while keeping Dependabot alerts enabled. You can still navigate to see your Dependabot alerts in your repository's Security tab. For more information, see "Viewing and updating Dependabot alerts."