This version of GitHub Enterprise was discontinued on 2022-10-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Identifying vulnerabilities in your project's dependencies with Dependabot alerts

Dependabot generates Dependabot alerts when known vulnerabilites are detected in dependencies that your project uses.

Browsing security advisories in the GitHub Advisory Database
You can browse the GitHub Advisory Database to find advisories for security risks in open source projects that are hosted on GitHub.
Editing security advisories in the GitHub Advisory Database
You can submit improvements to any advisory published in the GitHub Advisory Database.
About Dependabot alerts
GitHub Enterprise Server sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.
Configuring Dependabot alerts
Enable Dependabot alerts to be generated when a new vulnerable dependency is found in one of your repositories.
Viewing and updating Dependabot alerts
If GitHub Enterprise Server discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
Configuring notifications for Dependabot alerts
Optimize how you receive notifications about Dependabot alerts.

Browsing security advisories in the GitHub Advisory Database