Viewing and updating vulnerable dependencies in your repository

If GitHub discovers vulnerable dependencies in your project, you can view them on the Alerts tab of your repository. Then, you can update your project to resolve the vulnerability.

Your repository's Alerts tab lists all open and closed security alerts and corresponding automated security fixes. You can sort the list of alerts using the drop-down menu, and you can click into specific alerts for more details. For more information, see "About security alerts for vulnerable dependencies."

Tip: Automatic security fixes are available in beta and are subject to change. You can enable automatic security fixes for any repository that uses security alerts and the dependency graph. For more information, see "Configuring automated security fixes."

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Security.

    Security tab

  3. Click the alert you'd like to view.

    Alert selected in list of alerts

  4. Review the details of the vulnerability and, if available, the pull request containing the automated security fix.

  5. Optionally, if there isn't already an automated security fix for the alert, click Create automated security fix to create a pull request that resolves the vulnerability.

    Create automated security fix button

  6. When you're ready to update your dependency and resolve the vulnerability, merge the pull request.
