GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository.
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
You can use Dependabot to keep the actions you use updated to the latest versions.
Detailed information for all the options you can use to customize how Dependabot maintains your repositories.
Enabling GitHub Code Scanning is like inviting a team of security researchers to review your every pull request. By configuring Code Scanning with either CodeQL or one of our static code analysis partners, you can make sure that all of your code is reviewed seamlessly for security vulnerabilities before going to production.