How to reopen GitHub Security Alert? #22413
-
Hello there, recently I dismissed a GitHub vulnerability alert. Is there any way to reopen it? Thanks in advance.
Replies: 16 comments
-
Sure, you can always access them through the Insights tab of your repository. See: https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
-
I’m trying to find out how to reopen a dismissed security alert, but can’t find it on the link you provided. Any chance to provide instructions more clearly?
-
On a repository page you have several tabs, like Code and Pull requests for example. Head over to Insights to find the security alerts.
-
Hey, did you find a way to reinstate dismissed ones? Thanks :)
-
@wrk4all as you can see from the responses above, you are always able to view past security issues. Could you elaborate on what you mean by “reinstating” dismissed ones?
-
The topic of this thread is about reopening/reinstating dismissed security alerts (not notifications). So I asked if a way to reinstate the dismissed alerts has been found. (See below) Thank you :)
-
I see. Thanks for the clarification @wrk4all! There is no way that I know of, but maybe someone else does!
-
Boo hoo lol. Mark, you are the best bro. Thanks for being so responsive :o). Best, Benny.
-
+1 need a solution to this issue.
-
Can this be marked not solved? This hasn’t. It’s still not possible to “undismiss” a security alert. You can view them but cannot change the dismissed status.
-
Are there any updates on this? Thanks
-
The only “solution” for me was to remove the codes and add them again.
-
This is not a valid solution. I don’t know why this post got marked as solved. It’s clearly not.
-
Hey @joxl, this post was marked solved by the author as it was supposedly of good use to them. I agree that the comment provided by me doesn’t exactly cover the question most people may have when visiting this topic, as I stated in my Aug '19 post. As far as I’m aware, things are still the same. I would however suggest you open up a new, fresh topic if you’re still stuck on reopening these alerts.
-
I also bumped into this limitation. Potential/partial workaround: I have been unable to find a way to re-activate or re-open a dismissed security alert; however, since you can navigate to the permalink for the advisory, you can use that link or a screenshot of the content (since specific permissions are needed to access it) to open an appropriate item to track it elsewhere. Open new issues with care about what details are included. Since issues on the repo itself are visible to everyone who can access the repo (the world if it is public), if you have a more private way of tracking the issue to conclusion, that may be best. If you must use GitHub issues, perhaps a sanitized / redacted statement of the solution without security aspects discussed could be opened if that is what is needed to mitigate the vuln. For example, details of vulns aside, often dependabot finds items that are remediated with a package update, so an issue like the following might be sufficient.
-
This is crazy. So anyone can just dismiss an alert? Surely the dismissal is audited somewhere - why else would you have to specify the reason for dismissal? If I can track and review the dismissals I can at least decide if I need to manually reinstate them?