VOOZH about

URL: https://github.blog/changelog/2022-10-06-new-dependabot-alerts-webhook/

⇱ New Dependabot alerts webhook - GitHub Changelog

API users can now integrate with a new dependabot_alert webhook, which matches the naming and structure of the recently introduced Dependabot alerts REST API. You should use this webhook in place of the existing repository_vulnerability_alert.

What's new

Improvements with the new webhook include:

  • More informative payload, including state and scope of the dependency, dismissal comments, and helpful information about a vulnerability (e.g. CVE ID, summary, description, CWEs, and reference URL).
  • Support for GitHub Apps with the Dependabot alerts read permission.
  • Actions on an alert now include the full set of created, dismissed, reopened, fixed, or reintroduced. See below for descriptions:

Deprecation notice

The repository_vulnerability_alert webhook is being deprecated. In 2023, we plan to remove the existing repository_vulnerability_alert webhook, which is superseded by the dependabot_alert webhook. We will give integrators at least 3 months notice of this removal — keep an eye on the GitHub Changelog in 2023 for more information.

Learn more about the Dependabot alerts webhook in our documentation.

Related Posts

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.