policy name: vulnerability_alerts_not_enabled
severity: MEDIUM
Enable GitHub Dependabot to regularly scan for open source vulnerabilities.
A vulnerable open source dependency may be present in your code without your knowledge, leaving it exposed to exploitation.
- Make sure you have admin permissions
- Go to the repo's settings page
- Open the "Code security and analysis" tab
- Set "Dependabot alerts" to Enabled
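The same check and remediation can be scripted against the GitHub REST API instead of the settings page. This is an added example, not part of the policy text; it assumes the GitHub CLI `gh` is installed and authenticated with a token that has admin access to the repository, and it uses the documented `vulnerability-alerts` endpoint (204 means enabled, 404 means disabled or insufficient access).

```shell
#!/bin/sh
# Added example: audit (and optionally enable) Dependabot alerts on repos
# via GET/PUT /repos/{owner}/{repo}/vulnerability-alerts.
# Assumes `gh` is installed and authenticated with admin access; the
# endpoint answers 404 both when alerts are disabled and when the caller
# cannot see the setting, so a 404 is reported as a policy failure.

# Map the HTTP status of the GET request to the policy verdict.
# Pure function (no network) so it can be checked offline.
verdict_for_status() {
  case "$1" in
    204) echo "PASS: Dependabot alerts enabled" ;;
    404) echo "FAIL: Dependabot alerts not enabled (or no admin access)" ;;
    401|403) echo "ERROR: token lacks permission to read this setting" ;;
    *) echo "ERROR: unexpected HTTP status $1" ;;
  esac
}

# Query the live API for one repo ("owner/name") and print the verdict.
# `gh api -i` prints the response headers first; the status is field 2
# of the first line, e.g. "HTTP/2.0 204 No Content".
check_repo() {
  repo="$1"
  status=$(gh api -i "repos/$repo/vulnerability-alerts" 2>/dev/null \
           | head -n 1 | awk '{print $2}')
  [ -n "$status" ] || status="000"
  printf '%s: %s\n' "$repo" "$(verdict_for_status "$status")"
}

# Remediation: enable Dependabot alerts on one repo (requires admin).
enable_alerts() {
  gh api -X PUT "repos/$1/vulnerability-alerts" --silent \
    && echo "$1: Dependabot alerts enabled"
}

# Usage: ./check_dependabot.sh [--fix] owner/repo [owner/repo ...]
fix=0
[ "$1" = "--fix" ] && { fix=1; shift; }
for r in "$@"; do
  check_repo "$r"
  if [ "$fix" -eq 1 ]; then
    case "$(check_repo "$r")" in *FAIL:*) enable_alerts "$r" ;; esac
  fi
done
```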