ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

Free, Pro, & Team

日本語

Managing vulnerabilities in your project's dependencies

You can track your repository's dependencies and receive Dependabotアラート when GitHub detects vulnerable dependencies.

脆弱性のある依存関係の管理について

GitHub は、既知の脆弱性を含むサードパーティソフトウェアの使用を回避するのに役立ちます。

Browsing security vulnerabilities in the GitHub Advisory Database

The GitHub Advisory Database allows you to browse or search for vulnerabilities that affect open source projects on GitHub.

About alerts for vulnerable dependencies

GitHub sends Dependabotアラート when we detect vulnerabilities affecting your repository.

Configuring notifications for vulnerable dependencies

Optimize how you receive notifications about Dependabotアラート.

About Dependabot security updates

Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates.

Configuring Dependabot security updates

You can use Dependabotセキュリティアップデート or manual pull requests to easily update vulnerable dependencies.

Viewing and updating vulnerable dependencies in your repository

If GitHub discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.

Troubleshooting the detection of vulnerable dependencies

If the dependency information reported by GitHub is not what you expected, there are a number of points to consider, and various things you can check.