Disabling GitHub Dependabot Alerts from inside Vanta is not currently supported.
If you do not use Dependabot Alerts for vulnerability monitoring on the GitHub repositories monitored in Vanta, disabling Dependabot Alerts from inside GitHub will subsequently disable monitoring in Vanta.
Details about Dependabot configuration can be found in the GitHub documentation.
If you wish to leave Dependabot enabled in GitHub but want it disabled solely for Vanta, this is not currently possible.
A suggested workaround would be to disable the associated Dependabot tests:
- Low vulnerabilities identified in packages are addressed (Github Repo)
- Medium vulnerabilities identified in packages are addressed (Github Repo)
- High vulnerabilities identified in packages are addressed (Github Repo)
- Critical vulnerabilities identified in packages are addressed (Github Repo)