GitHub Security Alerts integration improvements

GitHub announced the GitHub Security Advisory API today at GitHub Universe. Dependabot now uses it to pull in additional security vulnerability details, and to respond to new security advisories instantly.


Dependabot has been using GitHub's vulnerability alerts database as a source since July, but the new Security Alerts API gives us more data and makes the information available to us in real time. That means you can now expect a Dependabot PR to fix any security vulnerabilities seconds after they're published to GitHub's database.

We've got more security news coming soon - stay tuned, and stay safe out there!


Dependabot helps keep your dependencies up-to-date. It's free for personal accounts and open source, and always will be.
