Ignoring GitHub Vulnerabilities

When it comes to ignoring vulnerabilities on individual GitHub repositories, there are a few options. This article will walk through those below.


Viewing Vulnerabilities in Vanta

On the Vulnerabilities page in Vanta, findings for GitHub repositories are shown with a prompt telling you to ignore any vulnerabilities from within GitHub itself rather than in Vanta.

Dismissing Alerts in GitHub

  1. Navigate to the specific repository in GitHub and click on it.
  2. Click the 'Security' tab.
  3. Then click 'Dependabot' under Security alerts.
  4. Select an alert.
  5. Dismiss the alert and select a reason.
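The same dismissal can be done through GitHub's REST API, which is useful when many alerts share one justification. This is an added example, not part of the original article or Vanta's tooling; it assumes the GitHub endpoint PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}, a token in the GITHUB_TOKEN environment variable with permission to manage Dependabot alerts, and constructed sample values for owner, repo and alert number.

```python
"""Dismiss a GitHub Dependabot alert via the REST API instead of the web UI (added example)."""
import json
import os
import urllib.request

API = "https://api.github.com"

# Dismissal reasons accepted by the API; these correspond to the choices offered
# when dismissing an alert under Security > Dependabot in the GitHub UI.
DISMISSED_REASONS = {"fix_started", "inappropriate", "no_bandwidth", "not_used", "tolerable_risk"}


def build_dismiss_request(owner, repo, alert_number, reason, comment):
    """Return (url, body) for dismissing one alert, validating inputs first.

    GitHub treats the comment as optional (max 280 chars); this helper requires it so
    the audit trail always records why the finding was accepted or closed.
    """
    if reason not in DISMISSED_REASONS:
        raise ValueError(f"unknown dismissed_reason {reason!r}; expected one of {sorted(DISMISSED_REASONS)}")
    if not comment or not comment.strip():
        raise ValueError("a dismissal comment is required for the audit trail")
    if len(comment) > 280:
        raise ValueError("dismissed_comment must be at most 280 characters")
    if not isinstance(alert_number, int) or alert_number < 1:
        raise ValueError("alert_number must be a positive integer")
    url = f"{API}/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
    body = {"state": "dismissed", "dismissed_reason": reason, "dismissed_comment": comment}
    return url, body


def dismiss_alert(owner, repo, alert_number, reason, comment, token=None):
    """Send the PATCH request and return the alert state GitHub reports back."""
    token = token or os.environ["GITHUB_TOKEN"]  # assumed: token is supplied via the environment
    url, body = build_dismiss_request(owner, repo, alert_number, reason, comment)
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
        "Content-Type": "application/json",
    }
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="PATCH", headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["state"]


if __name__ == "__main__":
    # Constructed sample values; building the request sends nothing over the network.
    print(build_dismiss_request("example-org", "example-repo", 42, "not_used",
                                "Affected code path is never executed in this service"))
```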


Marking Repositories Out of Scope in Vanta

If you're seeing alerts under repositories that don't need to be monitored within Vanta, you can mark the repository out of scope entirely. The help article here walks through marking resources out of scope from within the Integrations page: Frequently Asked Questions: How do I Mark Resources out of Scope?