Improving the developer experience for Dependabot alerts
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.
At GitHub, we believe in providing developer-first experiences to help you keep your code secure. Since we launched Dependabot alerts nearly four years ago, we’ve alerted users on over 425 million potential vulnerabilities in their open source dependencies. Today, we’re rolling out improvements to Dependabot alerts that make them easier to understand and remediate.
What’s new
More descriptive Dependabot alerts
We’ve made it easier to quickly assess, prioritize, and act on Dependabot alerts.
![Demo of Dependabot alerts descriptions](https://github.blog/wp-content/uploads/2022/02/demo-of-dependabot-alert-experience.gif?resize=960%2C631)
Starting today, Dependabot alerts are displayed with one alert per advisory and dependency manifest, rather than being grouped by package.
With this change, Dependabot alerts can surface more useful information about each vulnerability: more descriptive alert titles, detailed breakdowns of alert severity scoring, and updated information about linked pull requests.
![Dependabot update integration demo](https://github.blog/wp-content/uploads/2022/02/dependabot-update-integration-demo.gif?resize=960%2C631)
Dependabot alerts across your repositories now have improved searching and tracking. Each alert now has a unique numeric identifier, which will soon also be available via the GraphQL API. The alert index page has been redesigned with new filtering options that make it easier to search, including a new search filter field with full-text search of alerts.
Improvements to the alert lifecycle
As we improve how alerts are viewed, we have also invested in how alerts are managed throughout their lifecycle.
![Fixed alerts demo](https://github.blog/wp-content/uploads/2022/02/fixed-alerts-demo.gif?resize=960%2C372)
As of today, Dependabot alerts persist and continue to appear under the “Closed” tab in the UI after they’re fixed. Later this month, they’ll also be available via the GraphQL API. As a follow-up to this release, we’ll also be shipping the ability to reopen dismissed alerts.
![Screenshot of Dependabot org-level alerts.](https://github.blog/wp-content/uploads/2022/02/dependabot-org-level-alerts.png?resize=2462%2C896)
Finally, starting today, GitHub Advanced Security customers can view all their organization-level Dependabot alerts in the “Organization Security” tab. This view is available to organization owners and members of teams with the security manager role. Of course, repository-level Dependabot alerts and PRs will remain free forever. 💖
What’s next
Driven by your feedback, these changes are the first step towards improving Dependabot alerts. We’re continuing to work on your top concerns and feedback for Dependabot, including better APIs, noise filtering, and the actionability and configurability of alerts.
Keep an eye on the public roadmap for information on upcoming releases, and let us know what you think about Dependabot.
Learn more about Dependabot alerts, or read more about our other security features.