Organization owners and repository admins receive security alerts when GitHub detects a vulnerable dependency in an organization repository. You can specify additional organization members or teams to also receive security alerts for vulnerable dependencies.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. Repository settings button

  3. In the left sidebar, click Alerts.

  4. Type the name of the person or team you'd like to receive alerts when GitHub detects a vulnerable dependency, then click their username or team name to select it.
  5. After you've selected all of the people or teams you'd like to receive alerts, click Save changes.

Further reading