GitHub Copilot — Question 1
You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)
Answer options
- A. in the National Vulnerability Database
- B. in the dependency graph
- C. in security advisories reported on GitHub
- D. in manifest and lock files
Correct answer: C
Explanation
The correct answer includes option C, because vulnerabilities can be disclosed in security advisories reported on GitHub, which are directly related to repository dependencies. Option A, the National Vulnerability Database, is a valid source of information but is not specific to GitHub. Options B and D do not directly report vulnerabilities.