jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-04 00:06:20 -05:00
Code Issues Projects Releases Wiki Activity
Files
c0f108ee4672f5a71d84aedc729c821dfc1fb73a
docs/data/reusables/notifications/vulnerable-dependency-notification-options.md
Anne-Marie 37e362868b Edits to Notification Settings page following redesign (#30999) 
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
2022-10-04 12:01:17 +00:00

2.5 KiB
Raw Blame History

{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes or ghae %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}

  • by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (Email each time a vulnerability is found option).
  • in the user interface, a warning is shown in your repository's file and code views if there are any insecure dependencies (UI alerts option).
  • on the command line, warnings are displayed as callbacks when you push to repositories with any insecure dependencies (Command Line option).
  • in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (Web option).{% ifversion not ghae %}
  • on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "Enabling push notifications with GitHub Mobile."{% endif %}

{% note %}

Note: The email and web{% ifversion not ghae %}/{% data variables.product.prodname_mobile %}{% endif %} notifications are:

  • per repository when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository.

  • per organization when a new vulnerability is discovered.

{% endnote %}

{% ifversion update-notification-settings-22 %} You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a daily or weekly digest email summarizing alerts for up to 10 of your repositories using the Email weekly digest option. {% else %} You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the Email a digest summary of vulnerabilities and Weekly security email digest options.{% endif %}

Reference in New Issue View Git Blame Copy Permalink