GH-500 - Configure and use supply chain security - Section 3.2
Detect, prioritize, and respond to Dependabot alerts and security updates, using EPSS scoring, auto-dismiss behaviour, and security campaigns.
Detect and prioritise Dependabot alerts using EPSS scoring to focus effort on vulnerabilities most likely to be exploited, and configure auto-dismiss rules to suppress low-priority noise. Use Dependabot security updates and security campaigns to coordinate remediation across multiple repositories at scale.
Dependabot alerts, Dependabot security updates, EPSS, auto-dismiss, security campaigns
Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.