Dependabot alerts for GHAE #135
Labels
Projects
Comments
github-product-roadmap
moved this from Q2 2021 – Apr-Jun
to Q3 2021 – Jul-Sep
in GitHub public roadmap
github-product-roadmap
moved this from Q3 2021 – Jul-Sep
to Q4 2021 – Oct-Dec
in GitHub public roadmap
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Dependabot alerts send you an alert of repositories affected by a newly discovered vulnerability. This launch will add support for Dependabot alerts to GHAE.
Intended Outcome
To alert a GHAE user of a vulnerability in a dependency they use.
How will it work?
Dependabot alerts detects and alerts you when your repo has a newly discovered vulnerability. To do this, GitHub compares the information in the Dependency Graph to the information in GitHub’s Advisory Database. A security alert can either be sent when the manifest file is updated (you add a new dependency), or when a new vulnerability is discovered.
On GHAE, when enabled, the service will download the latest curated list of vulnerabilities from GitHub.com over a private channel on a regular sync. If a new vulnerability exists, the service determines the impacted users and repositories before generating alerts directly.
The text was updated successfully, but these errors were encountered: