Intelligent severity scoring #12642
Here is a warning that I got today, and what's wrong about it:
I could go on with more examples. I'd say ~90% of all dependabot warnings we get are noise. A few simple if/else clauses would fix what's wrong with this one. So we're not talking about General AI level intelligence here, just make dependabot slightly less stupid.
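As an added example (not code from the original post, and not Dependabot's own logic), here is the kind of "few simple if/else clauses" the post is asking for: a small triage pass that takes the advisory's severity and adjusts it using the signals the thread mentions (development-only dependency, transitive dependency, whether the vulnerable code path is reachable). The `Alert` fields, the adjustment rules, and the sample alerts are all constructed assumptions for this example rather than Dependabot's schema or scoring.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity ladder as reported by an advisory, lowest first (assumed for this example).
LEVELS = ["low", "moderate", "high", "critical"]


@dataclass
class Alert:
    """One alert reduced to the fields the triage rules need.
    Field names are assumptions for this example, not Dependabot's schema."""
    package: str
    advisory_severity: str                            # severity as the advisory states it
    dev_dependency: bool = False                      # only pulled in for tests/build tooling
    transitive: bool = False                          # not listed directly in our manifest
    vulnerable_code_reachable: Optional[bool] = None  # None = no reachability data


def _shift(level: str, steps: int) -> str:
    """Move a severity up (positive) or down (negative) the ladder, clamped to the ends."""
    idx = LEVELS.index(level)
    return LEVELS[max(0, min(len(LEVELS) - 1, idx + steps))]


def effective_severity(alert: Alert) -> Tuple[str, List[str]]:
    """Apply a handful of if/else rules to the advisory's severity.

    Returns the adjusted level together with the reasons, so a reviewer can
    see why an alert was demoted instead of it silently disappearing.
    """
    level = alert.advisory_severity
    if level not in LEVELS:
        raise ValueError(f"unknown severity {level!r}")
    reasons: List[str] = []

    if alert.vulnerable_code_reachable is False:
        # Tooling has confirmed the affected function is never called from our code.
        level = "low"
        reasons.append("vulnerable code path not reachable")
    elif alert.vulnerable_code_reachable is True:
        level = _shift(level, +1)
        reasons.append("vulnerable code path reachable")

    if alert.dev_dependency:
        # Never shipped to production; only developer and CI hosts are exposed.
        level = _shift(level, -2)
        reasons.append("development-only dependency")

    if alert.transitive:
        # We do not call it directly; the direct dependency decides when it is used.
        level = _shift(level, -1)
        reasons.append("transitive dependency")

    return level, reasons


def triage(alerts: List[Alert]) -> List[Tuple[Alert, str, List[str]]]:
    """Return (alert, adjusted level, reasons) ordered from most to least urgent."""
    scored = [(a, *effective_severity(a)) for a in alerts]
    scored.sort(key=lambda row: LEVELS.index(row[1]), reverse=True)
    return scored


# Constructed sample alerts; package names are placeholders, not real advisories.
SAMPLE_ALERTS = [
    Alert("prod-http-lib", "high", vulnerable_code_reachable=True),
    Alert("test-runner", "critical", dev_dependency=True),
    Alert("deep-parser", "high", transitive=True, vulnerable_code_reachable=False),
    Alert("direct-crypto", "moderate"),
]

if __name__ == "__main__":
    for alert, level, reasons in triage(SAMPLE_ALERTS):
        note = "; ".join(reasons) or "no adjustment"
        print(f"{level:9} {alert.package:15} (advisory: {alert.advisory_severity:9}) {note}")
```

Running it puts the reachable production alert at the top as `critical`, drops the `critical` test-only dependency to `moderate`, and parks the unreachable transitive one at `low`. Keeping the reasons attached to each adjustment is the important design choice: a demoted alert is still visible and auditable, which is what makes a rule set like this safe to run automatically.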
Hi @sandstrom, that's good feedback. We're working on making alerts more relevant. We just released a new beta where alerts now can surface vulnerable code paths for Python, and are working on extending that to other ecosystems. We're also building out the ability to flag development dependencies and transitive dependency paths. Once we're able to differentiate those alerts, we'll be able to make Dependabot Alerts a lot smarter, or even potentially configurable.

Let me know if you'd like to provide more feedback over a 1 hour user research session (gift card provided for your time)!