Organization owners and repository admins receive security alerts when GitHub detects a vulnerable dependency in an organization repository. You can specify additional organization members or teams with write access to also receive security alerts for vulnerable dependencies.
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
In the left sidebar, click Alerts.
- Type the name of the person or team you'd like to receive alerts when GitHub detects a vulnerable dependency, then click their username or team name to select it.
- After you've selected all of the people or teams you'd like to receive alerts, click Save changes.