Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.

Configuring notifications for vulnerable dependencies

Optimize how you receive notifications about Dependabot alerts.

Neste artigo

About notifications for vulnerable dependencies

When Dependabot detects vulnerable dependencies in your repositories, we generate a Dependabot alert and display it on the Security tab for the repository. GitHub notifies the maintainers of affected repositories about the new alert according to their notification preferences. Dependabot is enabled by default on all public repositories. For Dependabot alerts, by default, you will receive Dependabot alerts by email, grouped by the specific vulnerability.

If you're an organization owner, you can enable or disable Dependabot alerts for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "Managing security and analysis settings for your organization."

Configuring notifications for Dependabot alerts

You can configure notification settings for yourself or your organization from the Manage notifications drop-down shown at the top of each page. For more information, see "Configuring notifications."

You can choose the delivery method for notifications about Dependabot alerts on repositories that you are watching, as well as the frequency at which the notifications are sent to you.

By default, you will receive notification of new Dependabot alerts:

  • by email, an email is sent every time a vulnerability with a critical or high severity is found (Email each time a vulnerability is found option)
  • in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (UI alerts option)
  • on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (Command Line option)
  • in your inbox, as web notifications for new vulnerabilities with a critical or high severity (Web option) You can customize the way you are notified about

Dependabot alerts. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.

Dependabot alerts options

Note: You can filter your GitHub inbox notifications to show Dependabot alerts. For more information, see "Managing notifications from your inbox."

Notificações de e-mail para Dependabot alerts que afetam um ou mais repositórios incluem o campo do cabeçalho X-GitHub-Severity. Você pode usar o valor do campo de cabeçalho X-GitHub-Severity para filtrar notificações de e-mail para Dependabot alerts. For more information, see "Configuring notifications."

How to reduce the noise from notifications for vulnerable dependencies

If you are concerned about receiving too many notifications for Dependabot alerts, we recommend you opt into the weekly email digest, or turn off notifications while keeping Dependabot alerts enabled. You can still navigate to see your Dependabot alerts in your repository's Security tab. For more information, see "Viewing and updating vulnerable dependencies in your repository."

Further reading

Esse documento ajudou você?

Privacy policy

Ajude-nos a tornar esses documentos ótimos!

Todos os documentos do GitHub são de código aberto. Você percebeu que algo que está errado ou não está claro? Envie um pull request.

Faça uma contribuição

Ou, aprenda como contribuir.