Настройка правил генерации оповещений для определения приоритетов оповещений Dependabot

В этой статье

Вы можете создать собственные правила генерации оповещений для автоматической сортировки оповещений.

Кто может использовать эту функцию

People with write permissions can view Dependabot alert rules for the repository. People with with admin permissions to a repository, or the security manager role for the repository, can enable or disable Dependabot alert rules for the repository, as well as create custom alert rules

Custom alert rules for Dependabot alerts are available on any public repositories (for free), and on any private repositories, when you have a license for GitHub Advanced Security.

Note: Dependabot alert rules are currently in beta and are subject to change.

About custom alert rules

You can create your own Dependabot alert rules based on alert criteria. You can choose to auto-dismiss alerts indefinitely, or snooze alerts until a patch becomes available. Since any rules that you create apply to both future and current alerts, you can also use alert rules to manage your Dependabot alerts in bulk.

You can create rules using the following criteria:

Dependency scope (devDependency or runtime)
Package name
CWE
Severity
Patch availability
Manifest path
Ecosystem

Adding a custom rule to your repository

You can add a custom rule to your public and private repositories.

On GitHub.com, navigate to the main page of the repository.
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
In the "Security" section of the sidebar, click Code security and analysis.
Under "Dependabot alerts", click close to "Dependabot rules".
Click New ruleset.
Under "Name", describe what this rule will do.
Under "Alert criteria", select the criteria you want to use to filter alerts.
Under "Rules", select the action you want to take on alerts that match the criteria.
Click Create rule.