{"id":74069,"date":"2023-09-14T10:34:10","date_gmt":"2023-09-14T17:34:10","guid":{"rendered":"https:\/\/github.blog\/?p=74069"},"modified":"2023-09-14T11:37:17","modified_gmt":"2023-09-14T18:37:17","slug":"introducing-auto-triage-rules-for-dependabot","status":"publish","type":"post","link":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/","title":{"rendered":"Introducing auto-triage rules for Dependabot"},"content":{"rendered":"<p>Since the May beta release of our <a href=\"https:\/\/github.blog\/2023-05-02-dependabot-relieves-alert-fatigue-from-npm-devdependencies\/\">GitHub-curated Dependabot policies<\/a> that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over 1 in 10 alerts. The impact so far: auto-dismissal of <em>millions<\/em> of alerts that would have otherwise demanded a developer\u2019s attention to manually assess and triage.<\/p>\n<p>Starting today, you can create your own custom rules to control how Dependabot auto-dismisses and reopens alerts, so you can focus on the alerts that matter without worrying about the alerts that don\u2019t. Today\u2019s ship\u2014our public beta of custom auto-triage rules\u2014makes that engine available for everyone, so you can specify and delegate specific decision making tasks to Dependabot with your own custom rules.<\/p>\n<p>Today\u2019s release is part of a series of ships that make it easier to scale your security strategy, whether you\u2019re an open source maintainer or an application developer on a centralized security team. Custom auto-triage rules for Dependabot are free for public repositories and available as part of <a href=\"https:\/\/github.com\/security\">GitHub Advanced Security<\/a> for private repositories. Together with auto-triage presets and a renewed investment in alert metadata, custom auto-triage rules relieve developers from the overhead of alert management tasks so they can focus on creating great code.<\/p>\n<h2 id=\"what-are-auto-triage-rules\"><a class=\"heading-link\" href=\"#what-are-auto-triage-rules\">What are auto-triage rules?<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<p><p class=\"purple-text text-gradient-purple-coral mt-6 mb-6\">Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale.<\/p> Rules contain criteria that match the targeted alerts, plus the decision that Dependabot will perform on your behalf.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-large wp-image-74071 width-fit\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=1024&#038;resize=1024%2C538\" alt=\"From the rules list view, you can manage GitHub-curated presets and create your own custom rules to auto-triage alerts.\" width=\"1024\" height=\"538\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=1600 1600w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=1024 1024w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/rules-list-view.png?w=1536 1536w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<aside class=\"p-4 p-md-6 post-aside--large\"><p class=\"h5-mktg gh-aside-title\">What can you do with rules?<\/p><p>With auto-triage rules, you\u00a0can proactively filter out false positives, snooze alerts until patch release, and \u2013 as rules apply to both future and current alerts \u2013 manage existing alerts in bulk.<\/p>\n<\/aside>\n<h2 id=\"what-behaviors-can-dependabot-perform\"><a class=\"heading-link\" href=\"#what-behaviors-can-dependabot-perform\">What behaviors can Dependabot perform?<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<p>For any existing or future alerts that match a custom rule, Dependabot will perform the selected behavior accordingly.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-large wp-image-74075 width-fit\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=1024&#038;resize=1024%2C538\" alt=\"Example auto-triage rule that snoozes matching alerts until a patch is available.\" width=\"1024\" height=\"538\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=1600 1600w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=1024 1024w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/example-auto-triage-rule.png?w=1536 1536w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<p>Our first public beta release covers ignore and snooze-until-patch functionality with repository-level rules. We will follow-up soon with support for managing rules at the organization-level.<\/p>\n<p>Both are managed via the <code>auto-dismiss<\/code> alert resolution, which provides visibility into automated decisions, integrates with existing reporting systems and workflows, and ensures that alerts can be reintroduced if alert metadata changes.<\/p>\n<h2 id=\"what-alert-criteria-are-supported-by-custom-rules\"><a class=\"heading-link\" href=\"#what-alert-criteria-are-supported-by-custom-rules\">What alert criteria are supported by custom rules?<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<p>Custom rules can target alerts based on multiple criteria, including the below attributes as of today.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-large wp-image-74072 width-fit\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=1024&#038;resize=1024%2C538\" alt=\"Custom rules can be created across stackable attributes related to dependencies and the advisory.\" width=\"1024\" height=\"538\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=1600 1600w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=1024 1024w, https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/custom-rules.png?w=1536 1536w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<div data-target=\"content-table-wrap.container\" class=\"content-table-wrap\"><content-table-wrap><table>\n<tbody>\n<tr>\n<td><strong>Attribute<\/strong><\/td>\n<td><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td><code>severity<\/code><\/td>\n<td>Alert severity, based on CVSS base score, across the following values: <code>low<\/code>, <code>medium<\/code>, <code>high<\/code>, and <code>critical<\/code>.<\/td>\n<\/tr>\n<tr>\n<td><code>scope<\/code><\/td>\n<td>Scope of the dependency: <code>development<\/code> (devDependency) or <code>runtime<\/code> (production).<\/td>\n<\/tr>\n<tr>\n<td><code>package-name<\/code><\/td>\n<td>Packages, listed by package name.<\/td>\n<\/tr>\n<tr>\n<td><code>cwe<\/code><\/td>\n<td>CWEs, listed by CWE ID.<\/td>\n<\/tr>\n<tr>\n<td><code>ecosystem<\/code><\/td>\n<td>Ecosystems, listed by ecosystem name.<\/td>\n<\/tr>\n<tr>\n<td><code>manifest<\/code><\/td>\n<td>Manifest files, listed by manifest path.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/content-table-wrap><\/div>\n<h2 id=\"who-can-use-this-feature\"><a class=\"heading-link\" href=\"#who-can-use-this-feature\">Who can use this feature?<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<p>GitHub-curated presets\u2013such as <a href=\"https:\/\/github.blog\/2023-05-02-dependabot-relieves-alert-fatigue-from-npm-devdependencies\/\">auto-dismissal of false positives<\/a>\u2013are free for everyone and on all repositories. Custom auto-triage rules are available for free on all public repositories, and available as a feature of <a href=\"https:\/\/github.com\/security\">GitHub Advanced Security<\/a> for private repositories.<\/p>\n<div data-target=\"content-table-wrap.container\" class=\"content-table-wrap\"><content-table-wrap><table style=\"border: 1px black\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/github.blog\/tag\/github-advanced-security\/\">Read our collection of posts<\/a> to learn more about GitHub Advanced Security.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/content-table-wrap><\/div>\n<h2 id=\"whats-next-for-dependabot\"><a class=\"heading-link\" href=\"#whats-next-for-dependabot\">What\u2019s next for Dependabot?<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<p>In addition to gathering your feedback during the public beta, we\u2019re working to support additional alert metadata and enforcement options to expand the capabilities of custom rules. We\u2019re also working on new configurability options for Dependabot security updates to give you more control over remediation flows. Keep an eye on the <a href=\"https:\/\/github.blog\/changelog\/\">GitHub Changelog<\/a> for more!<\/p>\n<p>In the meantime, try out Dependabot\u2019s new auto-triage functionality and<a href=\"https:\/\/github.com\/orgs\/community\/discussions\/54290\"> let us know what you think<\/a>\u2013we\u2019re listening.<\/p>\n<h3 id=\"learn-more\"><a class=\"heading-link\" href=\"#learn-more\">Learn more:<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<ul>\n<li><a href=\"https:\/\/docs.github.com\/code-security\/dependabot\/dependabot-alerts\/using-alert-rules-to-prioritize-dependabot-alerts\">About the auto-triage feature<\/a><\/li>\n<li><a href=\"https:\/\/github.blog\/changelog\/2023-09-14-custom-auto-triage-rules-for-dependabot-alerts-public-beta\/\">Changelog and frequently asked questions about auto-triage rules<\/a><\/li>\n<li><a href=\"https:\/\/docs.github.com\/rest\/dependabot\/alerts\">Dependabot alerts REST API<\/a><\/li>\n<li><a href=\"https:\/\/docs.github.com\/graphql\/reference\/objects#repositoryvulnerabilityalert\">Dependabot alerts GraphQL API<\/a><\/li>\n<li><a href=\"https:\/\/docs.github.com\/webhooks-and-events\/webhooks\/webhook-events-and-payloads#dependabot_alert\">Dependabot alerts webhook<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Make quick work of alerts with preset and custom rules.<\/p>\n","protected":false},"author":1954,"featured_media":74070,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"no","_gh_post_is_no_robots":"no","_gh_post_is_featured":"no","_gh_post_is_excluded":"no","_gh_post_is_unlisted":"no","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"https:\/\/github.blog\/wp-content\/uploads\/2022\/02\/dependabot-square-tile-2-copy.png","_gh_post_sq_img_id":"63049","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"Click Here to Learn More","_gh_post_recirc_hide":"no","_gh_post_recirc_col_1":"gh-auto-select","_gh_post_recirc_col_2":"73570","_gh_post_recirc_col_3":"65310","_gh_post_recirc_col_4":"65316","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[3321,3325],"tags":[145,2585,2739,2586,1709],"coauthors":[2427,2867],"class_list":["post-74069","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-insights","category-product-news","tag-dependabot","tag-github-advanced-security","tag-open-source","tag-security","tag-supply-chain-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Introducing auto-triage rules for Dependabot - The GitHub Blog<\/title>\n<meta name=\"description\" content=\"Make quick work of alerts with preset and custom rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Introducing auto-triage rules for Dependabot\" \/>\n<meta property=\"og:description\" content=\"Make quick work of alerts with preset and custom rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/\" \/>\n<meta property=\"og:site_name\" content=\"The GitHub Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-14T17:34:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-14T18:37:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"840\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Erin Havens, Eric Tooley\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@erinhavens\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Erin Havens, Eric Tooley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/\"},\"author\":{\"name\":\"Erin Havens\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/68a9f9c028d7b7eb2544b35aeed5d57e\"},\"headline\":\"Introducing auto-triage rules for Dependabot\",\"datePublished\":\"2023-09-14T17:34:10+00:00\",\"dateModified\":\"2023-09-14T18:37:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/\"},\"wordCount\":608,\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/autotriage-dependabot.png?fit=1600%2C840\",\"keywords\":[\"Dependabot\",\"GitHub Advanced Security\",\"open source\",\"Security\",\"supply chain security\"],\"articleSection\":[\"News &amp; insights\",\"Product\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/\",\"url\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/\",\"name\":\"Introducing auto-triage rules for Dependabot - The GitHub Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/autotriage-dependabot.png?fit=1600%2C840\",\"datePublished\":\"2023-09-14T17:34:10+00:00\",\"dateModified\":\"2023-09-14T18:37:17+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/68a9f9c028d7b7eb2544b35aeed5d57e\"},\"description\":\"Make quick work of alerts with preset and custom rules.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#primaryimage\",\"url\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/autotriage-dependabot.png?fit=1600%2C840\",\"contentUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/autotriage-dependabot.png?fit=1600%2C840\",\"width\":1600,\"height\":840},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/introducing-auto-triage-rules-for-dependabot\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/github.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News &amp; insights\",\"item\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Product\",\"item\":\"https:\\\/\\\/github.blog\\\/news-insights\\\/product-news\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Introducing auto-triage rules for Dependabot\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/github.blog\\\/#website\",\"url\":\"https:\\\/\\\/github.blog\\\/\",\"name\":\"The GitHub Blog\",\"description\":\"Updates, ideas, and inspiration from GitHub to help developers build and design software.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/github.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/68a9f9c028d7b7eb2544b35aeed5d57e\",\"name\":\"Erin Havens\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=gfe6e480d1c3dd4e6f02233d18c5cd5e0\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=g\",\"caption\":\"Erin Havens\"},\"description\":\"Erin Havens is a Product Manager at GitHub, focused on security products. 100+ ships across products like Secret Protection and Dependabot (and counting).\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/erinhavens\"],\"url\":\"https:\\\/\\\/github.blog\\\/author\\\/erinhav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Introducing auto-triage rules for Dependabot - The GitHub Blog","description":"Make quick work of alerts with preset and custom rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/","og_locale":"en_US","og_type":"article","og_title":"Introducing auto-triage rules for Dependabot","og_description":"Make quick work of alerts with preset and custom rules.","og_url":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/","og_site_name":"The GitHub Blog","article_published_time":"2023-09-14T17:34:10+00:00","article_modified_time":"2023-09-14T18:37:17+00:00","og_image":[{"width":1600,"height":840,"url":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","type":"image\/png"}],"author":"Erin Havens, Eric Tooley","twitter_card":"summary_large_image","twitter_creator":"@erinhavens","twitter_misc":{"Written by":"Erin Havens, Eric Tooley","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#article","isPartOf":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/"},"author":{"name":"Erin Havens","@id":"https:\/\/github.blog\/#\/schema\/person\/68a9f9c028d7b7eb2544b35aeed5d57e"},"headline":"Introducing auto-triage rules for Dependabot","datePublished":"2023-09-14T17:34:10+00:00","dateModified":"2023-09-14T18:37:17+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/"},"wordCount":608,"image":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","keywords":["Dependabot","GitHub Advanced Security","open source","Security","supply chain security"],"articleSection":["News &amp; insights","Product"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/","url":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/","name":"Introducing auto-triage rules for Dependabot - The GitHub Blog","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#primaryimage"},"image":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","datePublished":"2023-09-14T17:34:10+00:00","dateModified":"2023-09-14T18:37:17+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/68a9f9c028d7b7eb2544b35aeed5d57e"},"description":"Make quick work of alerts with preset and custom rules.","breadcrumb":{"@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#primaryimage","url":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","contentUrl":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","width":1600,"height":840},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/news-insights\/product-news\/introducing-auto-triage-rules-for-dependabot\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"News &amp; insights","item":"https:\/\/github.blog\/news-insights\/"},{"@type":"ListItem","position":3,"name":"Product","item":"https:\/\/github.blog\/news-insights\/product-news\/"},{"@type":"ListItem","position":4,"name":"Introducing auto-triage rules for Dependabot"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/68a9f9c028d7b7eb2544b35aeed5d57e","name":"Erin Havens","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=gfe6e480d1c3dd4e6f02233d18c5cd5e0","url":"https:\/\/secure.gravatar.com\/avatar\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/19e2efbf8ffebcbe2ba1148222876310deb8f3773c87a78ed3c11aa504936045?s=96&d=mm&r=g","caption":"Erin Havens"},"description":"Erin Havens is a Product Manager at GitHub, focused on security products. 100+ ships across products like Secret Protection and Dependabot (and counting).","sameAs":["https:\/\/x.com\/erinhavens"],"url":"https:\/\/github.blog\/author\/erinhav\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/github.blog\/wp-content\/uploads\/2023\/09\/autotriage-dependabot.png?fit=1600%2C840","jetpack_shortlink":"https:\/\/wp.me\/pamS32-jgF","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/74069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1954"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=74069"}],"version-history":[{"count":21,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/74069\/revisions"}],"predecessor-version":[{"id":74104,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/74069\/revisions\/74104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media\/74070"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=74069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=74069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=74069"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=74069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}