GitHub Security Alerts integration

We've integrated Dependabot with GitHub's Security Alerts. Now when you receive a security alert from GitHub you can expect a PR from Dependabot that fixes it soon after.


Dependabot has automatically responded to security advisories since April, when we integrated with sources for Ruby, Rust and PHP vulnerability alerts. Since then we've also added a JS source, and created an Elixir one.

Integrating with GitHub's Security Alerts gives us another great data source that is expanding fast and has a fantastic team behind it. We owe a huge debt of thanks to GitHub for making the data available - it's another significant contribution to the open source community from a company that already does so much.

Stay safe out there!


Dependabot helps keep your dependencies up-to-date. It's free for personal accounts and open source, and always will be.
