Dependabot auto-triage rules are generally available

Auto-triage rules help you reduce alert and pull request fatigue, while better managing your alerts at scale.

With Dependabot auto-triage rules, you can create your own custom rules to control how Dependabot ignores alerts with auto-dismissal, snoozes and reopens alerts, and generates pull requests to fix alerts – so you can focus on the alerts that matter, without worrying about the alerts that don’t.

Rules can be created with the following alert attributes:
– CVE ID
– CWE
– Dependency scope (devDependency or runtime)
– Ecosystem
– GHSA ID
– Manifest path (for repository-level rules only)
– Package name
– Patch availability
– Severity

For more information and how to use this feature, please refer to our documentation.

MAY.7Improvement
Repository rulesets: User bypass and branch renaming
- Platform Governance
APR.16Improvement
Rule insights dashboard and unified filter bar
- Platform Governance
APR.9Improvement
New Low Quality option in the Hide comment menu
- Platform Governance
FEB.17Improvement
Custom properties and rule insights improvements
- Platform Governance
SEP.10Improvement
GitHub ruleset exemptions and repository insights updates
- Platform Governance
SEP.1Improvement
GraphQL API resource limits
- Platform Governance
JUL.21Improvement
Including timeouts in primary rate limits
- Platform Governance
APR.22Improvement
Updates to security configuration settings for customers in existing grace periods
- Platform Governance
APR.9Improvement
Push rule delegated bypass and custom property regex support are generally available and repository policy delegated bypass is in preview
- Platform Governance

Dependabot auto-triage rules are generally available

Related Posts

Subscribe to our developer newsletter