
Enable Dependabot alerts for vulnerability detection #23

@lornakelly

Description


Summary

Enable GitHub Dependabot vulnerability alerts for the repository so known vulnerable dependencies are automatically detected and surfaced early in the Security tab.

Goals

  • Detect vulnerable dependencies automatically via GitHub’s advisory database.
  • Surface alerts in Security → Dependabot alerts for maintainers to triage.
  • Improve baseline security posture with minimal maintenance overhead.

Non-Goals

  • Automatic version update PRs (Dependabot version updates).
  • Replacing other security controls (CodeQL, review, etc.).
  • Establishing SLA policies for alert remediation in this ticket.
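One way to verify the control once it is switched on and to pull what it surfaces into a triage list, as an added example that is not part of this issue or the project: it assumes the GitHub REST endpoints `/repos/{owner}/{repo}/vulnerability-alerts` (204 when enabled) and `/repos/{owner}/{repo}/dependabot/alerts`, a token permitted to read Dependabot alerts, and the alert field layout shown in the constructed sample.

```python
"""Check that Dependabot alerts are enabled and summarise open alerts for triage."""
import json
import urllib.error
import urllib.request
from collections import Counter

API = "https://api.github.com"
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def _get(path, token):
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def alerts_enabled(owner, repo, token):
    """True when vulnerability alerts are on (assumed: endpoint answers 204, else 404)."""
    status, _ = _get(f"/repos/{owner}/{repo}/vulnerability-alerts", token)
    return status == 204

def fetch_open_alerts(owner, repo, token):
    """Open alerts as listed under Security -> Dependabot alerts (first page only)."""
    status, body = _get(f"/repos/{owner}/{repo}/dependabot/alerts?state=open", token)
    return json.loads(body) if status == 200 else []

def summarise_alerts(alerts):
    """Count open alerts by severity and list (severity, package, ghsa_id), worst first."""
    open_alerts = [a for a in alerts if a.get("state") == "open"]
    open_alerts.sort(key=lambda a: SEVERITY_ORDER.get(a["security_advisory"]["severity"], 9))
    counts = Counter(a["security_advisory"]["severity"] for a in open_alerts)
    rows = [(a["security_advisory"]["severity"], a["dependency"]["package"]["name"],
             a["security_advisory"]["ghsa_id"]) for a in open_alerts]
    return dict(counts), rows

# Constructed sample in the shape of the alerts endpoint; names and IDs are placeholders.
SAMPLE_ALERTS = [
    {"state": "open", "dependency": {"package": {"name": "example-pkg-a"}},
     "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-1", "severity": "high"}},
    {"state": "open", "dependency": {"package": {"name": "example-pkg-b"}},
     "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-2", "severity": "critical"}},
    {"state": "fixed", "dependency": {"package": {"name": "example-pkg-c"}},
     "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-3", "severity": "medium"}},
]

if __name__ == "__main__":
    counts, rows = summarise_alerts(SAMPLE_ALERTS)
    print(counts, rows)
```

With a real token, call `alerts_enabled(owner, repo, token)` first and, if it returns True, feed `fetch_open_alerts(owner, repo, token)` to `summarise_alerts` instead of the sample.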

Metadata

  • Assignees: No one assigned
  • Labels: No labels
  • Project status: Next
  • Milestone: No milestone
  • Relationships: None yet
  • Development: No branches or pull requests