Feature request: Context for vulnerability alerts

(Assumption for the following: Node-based projects - I don’t know whether there are vulnerability alerts for other types too.)

First of all, it would be great if the vulnerability alerts would mention whether the vulnerability in question is a devDependency or a regular one.

Secondly, it would be really helpful if it could be traced back to the “root” dependency because of which it exists in the project - see e.g. yarn why. And provide information about the currently used and latest version for those root dependencies. Because then I can tell at a glance whether it’s something that’s quite probably either within or out of my control.

Sidenote: It would also be great if you could not send multiple emails within a few seconds that are obviously triggered by the same scan. Just aggregate them into one? Less noise for the users, possibly lower cost (traffic) for you.

1 Like
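An added example, not part of the original post and not the alerting service's own code: one way to trace an alerted package back to the root dependencies that pull it in and to tell whether it is reachable only through devDependencies. The package names, the simplified graph shape and the function names are all constructed for illustration, and looking up the latest published version is left out because it needs a registry query.

```javascript
// Constructed sample data: a manifest plus a simplified resolved-dependency
// graph (package name -> names it depends on). Real lockfiles also carry
// versions and hoisting details; this shape is an assumption of the example.
const manifest = {
  dependencies: { "app-server": "^4.2.0" },
  devDependencies: { "test-runner": "^2.0.0", "lint-kit": "^1.3.0" },
};
const graph = {
  "app-server": ["body-reader", "query-lite"],
  "body-reader": ["query-lite"],
  "query-lite": [],
  "test-runner": ["glob-match"],
  "glob-match": ["brace-expand"],
  "brace-expand": [],
  "lint-kit": ["lint-core"],
  "lint-core": ["lint-kit", "glob-match"], // cycle, to show it is handled
};

// Breadth-first search: shortest chain from a root package to the target.
function shortestPath(graph, start, target) {
  const queue = [[start]];
  const seen = new Set([start]);
  while (queue.length > 0) {
    const path = queue.shift();
    const node = path[path.length - 1];
    if (node === target) return path;
    for (const next of graph[node] || []) {
      if (seen.has(next)) continue; // already visited, also breaks cycles
      seen.add(next);
      queue.push([...path, next]);
    }
  }
  return null;
}

// For every root in package.json, report how it reaches the alerted package.
function traceToRoots(manifest, graph, vulnerable) {
  const results = [];
  for (const kind of ["dependencies", "devDependencies"]) {
    for (const [root, range] of Object.entries(manifest[kind] || {})) {
      const path = shortestPath(graph, root, vulnerable);
      if (path) results.push({ root, kind, range, path: path.join(" > ") });
    }
  }
  return results;
}

// True when the package is present but never reachable from a regular dependency.
const devOnly = (results) =>
  results.length > 0 && results.every((r) => r.kind === "devDependencies");
```
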

Hi @s-h-a-d-o-w,

Thanks so much for taking the time to write in about this!!

I have passed your suggestion along to the engineering team. I can’t promise if or when we will implement support for all your suggestions, but your feedback is definitely in the right hands.

1 Like