Protection

GitHub advisories

Triage incoming GitHub security advisories for your connected repositories.

The Advisories view (/app/protection/advisories) is the triage queue for incoming GitHub security advisories on your connected repositories.

What you can do

  • Review incoming GitHub security advisories for connected repositories
  • See which repository and dependency each advisory affects, and its severity
  • Decide whether to accept, prioritize, assign, or dismiss the advisory
  • Coordinate remediation with engineering alongside PR and contributor signals

Workflow

  1. Review incoming advisories as they arrive for connected repositories.
  2. Triage severity, affected package or component, and repository impact.
  3. Assign an owner for dependency bumps, configuration changes, or follow-up investigation.
  4. Verify fixes via follow-up PRs scanned under Pull requests.

Related features

Advisories often overlap with dependency changes in pull requests. Use both Advisories and Pull requests when validating that a fix is complete.

Next steps