Skip to content

Enable Dependabot alerts for vulnerability detection #23

New issue
New issue
Closed
Task
Closed
Enable Dependabot alerts for vulnerability detection#23
Task
Assignees
lornakelly
@lornakelly

Description

@lornakelly
lornakelly
opened on Mar 3, 2026

Summary

Enable GitHub Dependabot vulnerability alerts for the repository so known vulnerable dependencies are automatically detected and surfaced early in the Security tab.

Goals

  • Detect vulnerable dependencies automatically via GitHub’s advisory database.
  • Surface alerts in Security → Dependabot alerts for maintainers to triage.
  • Improve baseline security posture with minimal maintenance overhead.

Non-Goals

  • Automatic version update PRs (Dependabot version updates).
  • Replacing other security controls (CodeQL, review, etc.).
  • Establishing SLA policies for alert remediation in this ticket.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Task

Projects

Editor Project Tracker

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions