Using GitHub preset rules to prioritize Dependabot alerts

Focus on alerts that matter by auto-dismissing low impact development alerts for npm dependencies.

Who can use this feature?

  • Organization owners
  • Security managers
  • Users with admin access (can enable, disable, and view GitHub presets for the repository)

The Dismiss low impact issues for development-scoped dependencies rule is a GitHub preset that auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. For more information about the rule, see About Dependabot auto-triage rules.

This rule is enabled by default on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling the rule for their repository.

Enabling the Dismiss low impact issues for development-scoped dependencies rule for your private repository

You first need to enable Dependabot alerts for the repository. For more information, see Configuring Dependabot alerts.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. Under "Dependabot alerts", click close to "Dependabot rules".

    Screenshot of the "Advanced Security" page for a repository. The gear icon is highlighted with an orange outline.

  5. Under "GitHub presets", to the right of "Dismiss low impact issues for development-scoped dependencies", click .

  6. Under "State", select the dropdown menu, then click "Enabled".

  7. Click Save rule.