About alerts for vulnerable dependencies→
GitHub Enterprise Server sends Dependabot alerts when we detect vulnerabilities affecting your repository.
Configuring notifications for vulnerable dependencies→
Optimize how you receive notifications about Dependabot alerts.
Viewing and updating vulnerable dependencies in your repository→
If GitHub Enterprise Server discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.
Troubleshooting the detection of vulnerable dependencies→
If the dependency information reported by GitHub Enterprise Server is not what you expected, there are a number of points to consider, and various things you can check.

