Vulnerability Alerts Should Be Enabled
policy name: vulnerability_alerts_not_enabled
severity: MEDIUM
Description
Enable Dependabot alerts so that GitHub continuously checks the repository’s dependencies against the GitHub Advisory Database and notifies maintainers when a dependency has a known vulnerability.
Threat Example(s)
A known vulnerability in an open source dependency may affect the repository without the maintainers’ knowledge, leaving the project exposed to exploitation until someone happens to notice the vulnerable version.
Remediation
- Make sure you have admin permissions on the repository
- Go to the repository’s Settings page
- Open the ‘Code security and analysis’ tab
- Set ‘Dependabot alerts’ to Enabled (this also turns on the dependency graph, which the alerts rely on, if it was not already enabled)
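The same check and fix can be scripted against the GitHub REST API, which is useful when auditing many repositories at once. The script below is an added example, not part of the original policy or of the scanner that ships it. It assumes a `GITHUB_TOKEN` environment variable holding a token with admin access to the repository (the endpoints return 404 without it) and that `curl` is installed; the function names and the `--fix` flag are this example’s own.

```shell
#!/bin/sh
# Added example (not from the original policy page): check, and optionally
# enable, Dependabot alerts on a repository via the GitHub REST API.
# Assumes: GITHUB_TOKEN holds a token with admin access to the repository
# (an assumption of this example); curl is available.
# Documented endpoints used:
#   GET /repos/{owner}/{repo}/vulnerability-alerts -> 204 enabled, 404 not enabled
#   PUT /repos/{owner}/{repo}/vulnerability-alerts -> 204 on success
API="${GITHUB_API_URL:-https://api.github.com}"

# gh_status METHOD PATH -> prints only the HTTP status code of the response
gh_status() {
  curl -s -o /dev/null -w '%{http_code}' -X "$1" \
    -H "Accept: application/vnd.github+json" \
    -H "Authorization: Bearer ${GITHUB_TOKEN:-}" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "$API$2"
}

# Map the GET status code to a verdict. 404 is ambiguous: GitHub also answers
# 404 when the repository does not exist or the token lacks admin access, so a
# "disabled" verdict is only trustworthy for a repository you can already reach.
interpret_status() {
  case "$1" in
    204) echo "enabled" ;;
    404) echo "disabled" ;;
    401|403) echo "error: token rejected or lacks permission (HTTP $1)" ;;
    *) echo "error: unexpected HTTP $1" ;;
  esac
}

# check_alerts OWNER REPO -> prints enabled | disabled | error: ...
check_alerts() {
  interpret_status "$(gh_status GET "/repos/$1/$2/vulnerability-alerts")"
}

# enable_alerts OWNER REPO -> exit status 0 when GitHub confirms with 204
enable_alerts() {
  [ "$(gh_status PUT "/repos/$1/$2/vulnerability-alerts")" = "204" ]
}

# Usage: GITHUB_TOKEN=... ./check_dependabot_alerts.sh OWNER REPO [--fix]
# Nothing is sent to GitHub unless both arguments and a token are present.
if [ "$#" -ge 2 ] && [ -n "${GITHUB_TOKEN:-}" ]; then
  verdict="$(check_alerts "$1" "$2")"
  echo "$1/$2: Dependabot alerts $verdict"
  if [ "$verdict" = "disabled" ] && [ "${3:-}" = "--fix" ]; then
    enable_alerts "$1" "$2" && echo "$1/$2: Dependabot alerts enabled"
  fi
fi
```

Run it once without `--fix` to confirm the verdict is `disabled` rather than an error (a bad token also shows up as a 404 here), then rerun with `--fix` to enable the alerts; the PUT is idempotent, so applying it to a repository that already has alerts enabled is harmless.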