
dependabot vs. dependabot-preview - detecting security vulnerabilities



I've enabled "dependabot-preview" for security fixes only on my private repo.


However, it detects only some vulnerable packages compared to the Security Alerts tab. Also, I can trigger the Automated security fixes (aka "dependabot"), which creates a PR for issues missed by "dependabot-preview".


Is it possible that dependabot-preview does not detect issues detected by Security Alerts (dependabot)? What is the recommended way to handle a security audit? I would like to use dependabot-preview because of the configuration options via config.yaml (PR customization), but it does not seem to be reliable.


Thank you.