Dependabot alerts: complex auto-dismiss rules #767
Labels
beta
Feature phase: Beta
dependabot
Feature: GitHub Dependabot
GHES 3.11
GHES 3.11
github advanced security
Product SKU: GitHub Advanced Security
Summary
Dependabot now proactively filters out false positives from your alert list -- so true positives are no longer buried under a mountain of unimportant alerts.
Dependabot's default auto-dismissal rules cover development-scoped (devDependency) alerts where the vulnerability is low impact. Low impact alerts are unlikely to be exploitable or may only have limited effects like slow builds or long-running tests.
For developers that need more control, custom rules are a powerful way to manage your alerts. This release adds ability to manage default presents and define your own auto-dismiss rules.
The text was updated successfully, but these errors were encountered: