
dependabot vs. dependabot-preview - detecting security vulnerabilities

Hello,

I've enabled "dependabot-preview" for security fixes only on my private repo.

However, it detects only some vulnerable packages compared to the Security Alerts tab. Also, I can trigger the Automated security fixes (aka "dependabot"), which creates PRs for issues missed by "dependabot-preview".

Is it possible that dependabot-preview does not detect issues detected by Security Alerts (dependabot)? What is the recommended way to handle a security audit? I would like to use dependabot-preview because of the configuration options via config.yaml (PR customization), but it does not seem to be reliable.

Thank you.