Disabling dependabot alerts for a repository on GitHub

GitHub dependabot security alerts may sometimes become a chore, especially when an abandoned project that is no longer in active use receives frequent security advisories. Is there an option to disable the active security monitoring?


Solution 1:[1]

Open your repo and go to Settings. Click on Code security and analysis in the Security subsection. There you will find dependabot settings with a Disable button for turning off the automated advisories.

The page is also available through direct link https://github.com/<USERNAME>/<REPO>/settings/security_analysis by replacing placeholders <USERNAME> and <REPO> with the corresponding identifiers.

Note that disabling the advisories will negatively impact the security of your software and should be avoided for any software with production deployments.
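
The same switch can be scripted when several abandoned repositories need it. This is an added example, not part of the original answer: it uses the GitHub CLI against the REST endpoint `repos/{owner}/{repo}/vulnerability-alerts` and refuses to act on a repository that was pushed to recently. The function names and the `MIN_IDLE_DAYS` threshold are assumptions made for this example, and `gh` is assumed to be authenticated with admin access to the repository.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer.
# Assumptions: gh is installed and authenticated as a repository admin;
# MIN_IDLE_DAYS is a constructed threshold for "no longer in active use".
MIN_IDLE_DAYS=${MIN_IDLE_DAYS:-365}

# Whole days since the last push, computed by gh's built-in jq.
idle_days() {
    gh api "repos/$1/$2" \
        --jq '(now - (.pushed_at | fromdateiso8601)) / 86400 | floor'
}

# Exit 0 when alerts are enabled (HTTP 204), non-zero otherwise (HTTP 404).
alerts_enabled() {
    gh api --silent "repos/$1/$2/vulnerability-alerts" 2>/dev/null
}

# Prints one of:
#   lookup-failed | already-disabled | refused-recent-push | disabled | failed
disable_alerts_if_idle() {
    owner=$1
    repo=$2
    # Fails when the repository is missing, inaccessible or has no push date.
    days=$(idle_days "$owner" "$repo" 2>/dev/null) || {
        echo "lookup-failed"; return 3; }
    if ! alerts_enabled "$owner" "$repo"; then
        echo "already-disabled"
        return 0
    fi
    # Keep monitoring on for anything that still receives pushes.
    if [ "$days" -lt "$MIN_IDLE_DAYS" ]; then
        echo "refused-recent-push"
        return 1
    fi
    if gh api --silent --method DELETE \
        "repos/$owner/$repo/vulnerability-alerts"; then
        echo "disabled"
    else
        echo "failed"
        return 2
    fi
}

# Usage: ./disable-alerts.sh <USERNAME> <REPO>
if [ "$#" -eq 2 ]; then
    disable_alerts_if_idle "$1" "$2"
fi
```

Sending `PUT` to the same endpoint turns the alerts back on.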


Solution 2:[2]

Cyberixae's answer should work, but if you're getting these alerts on a forked repository, I found a good fix here that involves deleting the dependabot.yml file in a different branch and setting that branch to the default branch.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution 1: cyberixae
Solution 2: Eke