Release

September 10, 2025

Dependabot alerts now support production context prioritization in public preview

Dependabot alerts can now be filtered and prioritized using production context from external artifact registries, including JFrog Artifactory, and your own CI/CD workflows. This feature is available in public preview.

Security teams can focus remediation on alerts that impact artifacts actually promoted to production, helping reduce noise and accelerate response times.

  • Use the new Storage Record API to send artifact promotion events from your registry or CI/CD workflow to GitHub.
  • JFrog Artifactory users can enable the GitHub integration in Artifactory settings to automatically emit promotion events with no extra setup required.
  • In Dependabot alert views, use the artifact-registry:jfrog-artifactory or artifact-registry-url: filters to focus on vulnerabilities present in production-approved artifacts.
  • Combine the new filters with other existing filters, such as EPSS or CVSS, for advanced alert prioritization.
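The prioritization the last two bullets describe (restrict the view to alerts whose vulnerable package is present in a promoted artifact, then rank within that set by EPSS and CVSS) can also be applied client-side to alert data pulled from the API. The following is an added example, not GitHub's code; the alert record shape, the `registry`/`registry_url` fields and the sample alerts are constructed for illustration and do not reflect the exact JSON of the Dependabot alerts REST API, while the filter names in `build_filter_query` are the ones this changelog introduces.

```python
"""Rank Dependabot alerts by production context, then by EPSS and CVSS.

Added example (not GitHub's code). The Alert shape below is a simplified,
constructed record: `registry` is assumed to be set when a promotion event
from an artifact registry matched the alert's package, and None otherwise.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Alert:
    number: int
    package: str
    severity: str               # "low" | "medium" | "high" | "critical"
    cvss: float                 # CVSS base score, 0-10
    epss: float                 # EPSS exploitation probability, 0-1
    registry: Optional[str]     # e.g. "jfrog-artifactory" when promoted to prod
    registry_url: Optional[str]

    @property
    def in_production(self) -> bool:
        """True when a registry promotion record vouches for this package."""
        return self.registry is not None


def build_filter_query(registry: Optional[str] = None,
                       registry_url: Optional[str] = None,
                       extra: str = "") -> str:
    """Compose an alert-view filter string from the changelog's new filters.

    `extra` carries any other existing filter term (severity, EPSS, CVSS).
    """
    parts = []
    if registry:
        parts.append(f"artifact-registry:{registry}")
    if registry_url:
        parts.append(f"artifact-registry-url:{registry_url}")
    if extra:
        parts.append(extra)
    return " ".join(parts)


def production_only(alerts: List[Alert], registry: Optional[str] = None) -> List[Alert]:
    """Keep alerts tied to a promoted artifact, optionally from one registry."""
    return [a for a in alerts
            if a.in_production and (registry is None or a.registry == registry)]


def prioritise(alerts: List[Alert]) -> List[Alert]:
    """Production-backed alerts first, then highest EPSS, then highest CVSS."""
    return sorted(alerts,
                  key=lambda a: (a.in_production, a.epss, a.cvss),
                  reverse=True)


# Constructed sample data: two alerts matched by a JFrog promotion record,
# two that only exist in repository manifests.
SAMPLE_ALERTS = [
    Alert(1, "lodash", "high", 7.5, 0.02, None, None),
    Alert(2, "log4j-core", "critical", 10.0, 0.97,
          "jfrog-artifactory", "https://example.jfrog.io/artifactory"),
    Alert(3, "requests", "medium", 6.1, 0.40,
          "jfrog-artifactory", "https://example.jfrog.io/artifactory"),
    Alert(4, "openssl", "critical", 9.8, 0.10, None, None),
]


if __name__ == "__main__":
    print(build_filter_query(registry="jfrog-artifactory", extra="severity:critical"))
    for a in prioritise(SAMPLE_ALERTS):
        flag = "PROD" if a.in_production else "    "
        print(f"#{a.number:<3} {flag} epss={a.epss:.2f} cvss={a.cvss:>4} {a.package}")
```

Note that alert 4 (critical, CVSS 9.8) sorts below the medium-severity alert 3: the ordering deliberately lets "is this package in a production-approved artifact" outrank raw severity, which is the noise reduction the feature is for.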

For more details, check out the documentation.

Share your thoughts or questions on the GitHub Community.

