Configuring Dependabot malware alerts

Prevent malware attacks by identifying and remediating malicious dependencies.

Who can use this feature?

Repositories with Dependabot alerts enabled

Enabling Dependabot malware alerts for your repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. To enable Dependabot malware alerts, you first need to enable Dependabot alerts. Under "Advanced Security", to the right of Dependabot alerts, click Enable.

  5. To the right of Dependabot malware alerts, click Enable.

Enabling Dependabot malware alerts for your organization

You can enable Dependabot malware alerts for repositories in your organization with a custom security configuration. Security configurations are collections of security settings that you can customize and apply at scale. See Creating a custom security configuration.

Enabling Dependabot malware alerts for your enterprise

You can enable Dependabot malware alerts for repositories in your enterprise with a custom security configuration. Security configurations are collections of security settings that you can customize and apply at scale. See Creating a custom security configuration for your enterprise.

Next steps

To view and update your Dependabot malware alerts, see Managing Dependabot malware alerts.