Managing Dependabot malware alerts

Find the malicious dependencies in your project and assess their priority with Dependabot malware alerts.

Who can use this feature?

Repositories with Dependabot alerts enabled

Viewing malware alerts for your repository

  1. On GitHub, navigate to the main page of the repository.
  2. Under the repository name, click the Security and quality tab. If you cannot see the "Security and quality" tab, select the dropdown menu, and then click Security and quality.
  3. In the "Findings" section of the sidebar, select the Dependabot dropdown menu, then click Malware.
  4. Optionally, use the search bar or filter dropdown menus to find alerts matching specific criteria.

Viewing malware alerts for your organization

  1. In the upper-right corner of GitHub, click your profile picture, then click Organizations.
  2. Click the name of the organization you want to view.
  3. Under your organization name, click the Security and quality tab.
  4. In the "Findings" section of the sidebar, select the Dependabot dropdown menu, then click Malware.
  5. Optionally, use the search bar or filter dropdown menus to find alerts matching specific criteria.

Viewing malware alerts for your enterprise

  1. Navigate to your enterprise, for example from the Enterprises page on GitHub.com.
  2. At the top of the page, click the Security and quality tab.
  3. In the "Findings" section of the sidebar, select the Dependabot dropdown menu, then click Malware.
  4. Optionally, use the search bar or filter dropdown menus to find alerts matching specific criteria.

Dismissing malware alerts

  1. Navigate to the Dependabot malware alerts view for your repository, organization, or enterprise.
  2. Click the name of the malware alert you want to dismiss.
  3. In the top-right corner, click Dismiss alert, then select a reason for dismissing the alert.
  4. Optionally, write a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting.
  5. Click Dismiss alert.

Reopening a dismissed malware alert

  1. Navigate to the Dependabot malware alerts view for your repository, organization, or enterprise.

  2. To view closed alerts, click NUMBER Closed.

  3. Click the alert that you would like to view or update.

  4. In the top-right corner, click Reopen.

Next steps

To help reduce false positives for internal packages and low-risk alerts, you can configure Dependabot auto-triage rules to automatically dismiss alerts that meet certain criteria. See About Dependabot auto-triage rules.