docs/content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md
2021-08-19 18:18:00 +00:00

title: Configuring notifications for vulnerable dependencies
shortTitle: Configuring notifications
intro: 'Optimize how you receive notifications about {% data variables.product.prodname_dependabot %} alerts.'
redirect_from:
  - /github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies
  - /code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies
versions:
  fpt: '*'
  ghes: '>=3.0'
type: how_to
topics:
  - Dependabot
  - Alerts
  - Notifications
  - Vulnerabilities
  - Dependencies
  - Repositories

About notifications for vulnerable dependencies

When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. {% data variables.product.product_name %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% ifversion fpt %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories. By default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email, grouped by the specific vulnerability.{% endif %}

{% ifversion fpt %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly created repositories. For more information, see "Managing security and analysis settings for your organization."{% endif %}

{% ifversion ghes %}By default, if your site administrator has configured email for notifications on your enterprise, you will receive {% data variables.product.prodname_dependabot_alerts %} by email.{% endif %}

{% ifversion ghes %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}

Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}

You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see "Configuring notifications."

{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %} {% data reusables.notifications.vulnerable-dependency-notification-options %}

{% data variables.product.prodname_dependabot_alerts %} options

{% note %}

Note: You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} alerts. For more information, see "Managing notifications from your inbox."

{% endnote %}

{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see "Configuring notifications."

How to reduce the noise from notifications for vulnerable dependencies

If you are concerned about receiving too many notifications for {% data variables.product.prodname_dependabot_alerts %}, we recommend you opt into the weekly email digest, or turn off notifications while keeping {% data variables.product.prodname_dependabot_alerts %} enabled. You can still navigate to see your {% data variables.product.prodname_dependabot_alerts %} in your repository's Security tab. For more information, see "Viewing and updating vulnerable dependencies in your repository."

Further reading