There are a few options for ignoring vulnerabilities on individual GitHub repositories. This article walks through them below.
Viewing Vulnerabilities in Vanta
When you look at findings for GitHub repositories on the Vulnerabilities page, you will see that you're prompted to ignore any vulnerabilities from within GitHub.
Dismissing Alerts in GitHub
- Navigate to the specific repository in GitHub and click on it.
- Click the 'Security' tab.
- Click 'Dependabot' under security alerts.
- Select an alert.
- Dismiss the alert and select a reason.
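The same dismissal can be scripted so that every ignored alert carries a reason and a reviewable comment. This is an added example, not code from Vanta or GitHub: it uses GitHub's REST endpoint for updating a Dependabot alert, and the organization, repository, alert number and the rule that a comment is mandatory are assumptions of the example.

```python
import json
import os
import urllib.request

# Reason values GitHub's REST API accepts when dismissing a Dependabot alert.
DISMISS_REASONS = {"fix_started", "inaccurate", "no_bandwidth", "not_used", "tolerable_risk"}
MAX_COMMENT_LEN = 280  # GitHub's documented limit for dismissed_comment


def build_dismissal(reason, comment):
    """Validate the inputs and return the JSON body for the PATCH request."""
    if reason not in DISMISS_REASONS:
        raise ValueError(f"unknown dismissal reason: {reason!r}")
    comment = comment.strip()
    if not comment:
        # Assumption of this example: GitHub treats the comment as optional.
        raise ValueError("a comment is required so the decision can be reviewed later")
    if len(comment) > MAX_COMMENT_LEN:
        raise ValueError(f"comment exceeds {MAX_COMMENT_LEN} characters")
    return {"state": "dismissed", "dismissed_reason": reason, "dismissed_comment": comment}


def build_request(owner, repo, alert_number, body, token):
    """Build the PATCH request that updates one Dependabot alert."""
    url = f"https://api.github.com/repos/{owner}/{repo}/dependabot/alerts/{int(alert_number)}"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
            "X-GitHub-Api-Version": "2022-11-28",
        },
    )


def dismiss_alert(owner, repo, alert_number, reason, comment, token):
    """Dismiss the alert and return the state GitHub reports back."""
    req = build_request(owner, repo, alert_number, build_dismissal(reason, comment), token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["state"]


if __name__ == "__main__":
    # Constructed values: example-org, example-repo and alert 1 are placeholders.
    print(dismiss_alert("example-org", "example-repo", 1, "tolerable_risk",
                        "Dev-only dependency, not shipped", os.environ["GITHUB_TOKEN"]))
```

The token in `GITHUB_TOKEN` must be allowed to update Dependabot alerts on the repository.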
Marking Repositories out of scope in Vanta
If you're seeing alerts under repositories that don't need to be monitored within Vanta, you have the option to mark the repository out of scope entirely. The following help article walks through marking resources out of scope from within the integrations page: Frequently Asked Questions: How do I Mark Resources out of Scope?