We’ve introduced a new Dependabot metrics section in the Security tab, available at the organization level. This update helps application security managers cut through the noise and focus on remediating the vulnerabilities that need attention first.

Figure: Dependabot alerts prioritization funnel

This page features several tiles, including a visual funnel that shows how Dependabot prioritizes alerts based on configurable factors such as:

  • CVSS (Common Vulnerability Scoring System) severity
  • EPSS (Exploit Prediction Scoring System) exploitation likelihood
  • Whether a patched version is available

The funnel gives a clear, visual representation of how Dependabot triages alerts, so your team can act faster and with better information. You can use it to summarize how vulnerabilities are ranked across your repositories, communicate security posture and priorities to stakeholders, and help teams focus on the threats that matter most. Because the funnel surfaces the critical, likely-to-be-exploited, fixable alerts up front, you can identify what to remediate first without sifting through every Dependabot alert.
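To make the three factors concrete, here is an added example (not GitHub's or Dependabot's own code) that applies the same kind of funnel to a handful of constructed alert records. The record shape loosely follows the fields the GitHub REST API returns for Dependabot alerts (`security_advisory.severity`, `security_advisory.cvss.score`, `security_advisory.epss.percentage`, `security_vulnerability.first_patched_version`); the thresholds and the stage order are assumptions for illustration, since this page does not document the exact ranking Dependabot applies. Advisories without an EPSS value (for example, those with no CVE) are treated as 0.0 so they are not silently promoted.

```python
"""Prioritization funnel over Dependabot-style alert records (added example).

Assumed record shape (loosely the REST API's Dependabot alert object):
  alert["state"]                                   -> "open" | "dismissed" | "fixed"
  alert["security_advisory"]["severity"]           -> "low" | "medium" | "high" | "critical"
  alert["security_advisory"]["cvss"]["score"]      -> float
  alert["security_advisory"]["epss"]["percentage"] -> float in [0, 1], may be absent
  alert["security_vulnerability"]["first_patched_version"] -> dict or None
"""

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def _advisory(alert):
    return alert["security_advisory"]


def cvss(alert):
    """CVSS base score, 0.0 if missing."""
    return float((_advisory(alert).get("cvss") or {}).get("score") or 0.0)


def epss(alert):
    """EPSS probability, 0.0 if the advisory carries none (e.g. no CVE)."""
    return float((_advisory(alert).get("epss") or {}).get("percentage") or 0.0)


def patch_available(alert):
    """True when the advisory names a first patched version."""
    return alert["security_vulnerability"].get("first_patched_version") is not None


def build_funnel(alerts, min_severity="high", min_epss=0.1, require_patch=True):
    """Return the funnel as a list of (stage_name, surviving_alerts) pairs.

    Each stage narrows the previous one: open -> severity -> EPSS -> patch.
    """
    stages = []
    survivors = [a for a in alerts if a["state"] == "open"]
    stages.append(("open", survivors))

    floor = SEVERITY_RANK[min_severity]
    survivors = [a for a in survivors
                 if SEVERITY_RANK.get(_advisory(a)["severity"], -1) >= floor]
    stages.append((f"severity>={min_severity}", survivors))

    survivors = [a for a in survivors if epss(a) >= min_epss]
    stages.append((f"epss>={min_epss}", survivors))

    if require_patch:
        survivors = [a for a in survivors if patch_available(a)]
        stages.append(("patch_available", survivors))
    return stages


def funnel_counts(alerts, **kwargs):
    """Stage sizes in order, i.e. the numbers a funnel tile would display."""
    return [len(survivors) for _, survivors in build_funnel(alerts, **kwargs)]


def prioritize(alerts, **kwargs):
    """Alerts left at the bottom of the funnel, most urgent first.

    Ranking inside the final stage: higher EPSS first, then higher CVSS,
    then lowest alert number for a stable order.
    """
    final = build_funnel(alerts, **kwargs)[-1][1]
    return sorted(final, key=lambda a: (-epss(a), -cvss(a), a["number"]))


def _alert(number, state, severity, score, epss_pct, pkg, patched):
    """Build one constructed alert record in the assumed shape."""
    advisory = {"severity": severity, "cvss": {"score": score}}
    if epss_pct is not None:
        advisory["epss"] = {"percentage": epss_pct}
    return {
        "number": number,
        "state": state,
        "security_advisory": advisory,
        "security_vulnerability": {
            "package": {"name": pkg},
            "first_patched_version": {"identifier": patched} if patched else None,
        },
    }


# Constructed sample data; none of these correspond to real advisories.
SAMPLE_ALERTS = [
    _alert(1, "open", "critical", 9.8, 0.92, "libfoo", "2.1.4"),
    _alert(2, "open", "high", 7.5, None, "libbar", "1.0.1"),       # no EPSS published
    _alert(3, "open", "high", 8.1, 0.35, "libbaz", None),          # no fix released yet
    _alert(4, "open", "medium", 5.3, 0.60, "libqux", "0.9.0"),     # exploitable but below severity floor
    _alert(5, "dismissed", "critical", 9.1, 0.80, "libold", "3.0.0"),
    _alert(6, "open", "high", 8.8, 0.20, "libfoo", "2.1.4"),
]

if __name__ == "__main__":
    for name, survivors in build_funnel(SAMPLE_ALERTS):
        print(f"{name:<16} {len(survivors)}")
    print("fix first:", [a["number"] for a in prioritize(SAMPLE_ALERTS)])
```

With the sample data the stages shrink from 5 open alerts to 4 at or above high severity, to 3 with EPSS at or above 0.1, to 2 with a patched version available, and the two survivors come out with the 0.92-EPSS alert first. Relaxing `min_epss` to 0 and dropping `require_patch` shows how the same alerts reorder when the funnel is configured differently.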

We’ll continue to expand Dependabot’s metrics and insights to help your team stay ahead of emerging threats and maintain a secure, healthy codebase.

If you’re a GitHub Advanced Security (GHAS) customer using Code Security, you automatically have access to the Dependabot metrics page. To learn more, see the GitHub Code Security documentation.