Dependabot relieves alert fatigue from npm devDependencies
A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives.
Private vulnerability reporting now generally available
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.
Introducing self-service SBOMs
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
Dependabot alerts are now visible to more developers
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
A smarter, quieter Dependabot
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.