Managing vulnerabilities in your project's dependencies

You can track your repository's dependencies and receive security alerts when GitHub detects vulnerable dependencies.

About security alerts for vulnerable dependencies

GitHub tracks reported vulnerabilities in certain dependencies and provides security alerts to affected repositories.

Configuring automated security fixes

You can use automated or manual pull requests to easily update vulnerable dependencies.

Viewing and updating vulnerable dependencies in your repository

If GitHub discovers vulnerable dependencies in your project, you can view them on the Alerts tab of your repository. Then, you can update your project to resolve the vulnerability.

Managing alerts for vulnerable dependencies in your organization

Organization owners and repository admins receive security alerts when GitHub detects a vulnerable dependency in an organization repository. You can specify additional organization members or teams with write access to also receive security alerts for vulnerable dependencies.
