-
Hey @kabene - You can find out more about the Private Vulnerability Reporting for a repository at https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository. This is in beta, and is a way to report new vulnerabilities to a maintainer privately. Dependabot is more focused on finding the dependencies within your project which have existing known vulnerabilities (https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates), or could help you bump version updates too (https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)!
-
This new way of reporting security findings looks crazy, but is it fully manual, or will Dependabot also create findings?