이 버전의 GitHub Enterprise Server는 다음 날짜에 중단됩니다. 2026-03-17. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 더 뛰어난 성능, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise Server로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

Dependabot 경고 구성

리포지토리에서 새로운 취약한 종속성이 발견되면 Dependabot alerts을 활성화하세요.

누가 이 기능을 사용할 수 있나요?

이 문서의 내용

When Dependabot detects vulnerable dependencies in a repository, it generates alerts. For more information, see About Dependabot alerts.

You can enable or disable Dependabot alerts for:

  • Your personal account
  • Your repository
  • Your organization
  • Your enterprise

참고 항목

An enterprise owner must first set up Dependabot for your enterprise before you can configure Dependabot alerts. For more information, see Enabling Dependabot for your enterprise.

Managing Dependabot alerts for your personal account

Dependabot alerts for your repositories can be enabled or disabled by your enterprise owner. For more information, see Enabling Dependabot for your enterprise.

Managing Dependabot alerts for your repository

You can manage Dependabot alerts for your public, private or internal repository.

By default, we notify people with write, maintain, or admin permissions in the affected repositories about new Dependabot alerts. GitHub never publicly discloses insecure dependencies for any repository. You can also make Dependabot alerts visible to additional people or teams working on repositories that you own or have admin permissions for.

An enterprise owner must first set up Dependabot for your enterprise before you can manage Dependabot alerts for your repository. For more information, see Enabling Dependabot for your enterprise.

Enabling or disabling Dependabot alerts for a repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code security and analysis", to the right of Dependabot alerts, click Enable to enable alerts or Disable to disable alerts.

Managing Dependabot alerts for your organization

You can enable Dependabot alerts for all eligible repositories in your organization. For more information, see About enabling security features at scale.

Managing Dependabot alerts for your enterprise

You can enable or disable Dependabot alerts for all current and future repositories owned by organizations in your enterprise. Your changes affect all repositories.

  1. In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings.
  2. On the left side of the page, in the enterprise account sidebar, click Settings.
  3. In the left sidebar, click Code security.
  4. In the "Dependabot" section, to the right of Dependabot alerts, click Disable all or Enable all.
  5. Optionally, select Automatically enable for new repositories to enable Dependabot alerts by default for your organizations' new repositories.

Managing Dependabot alerts at scale with rules

Additionally, you can use Dependabot auto-triage rules to manage your alerts at scale, so you can auto-dismiss or snooze alerts, and specify which alerts you want Dependabot to open pull requests for. For information about the different types of auto-triage rules, and whether your repositories are eligible, see About Dependabot auto-triage rules.