GitHub Copilot — Question 11
Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)
Answer options
- A. It generates a Dependabot alert and displays it on the Security tab for the repository.
- B. It consults with a security service and conducts a thorough vulnerability review.
- C. It generates Dependabot alerts by default for all private repositories.
- D. It notifies the repository administrators about the new alert.
Correct answer: A, D
Explanation
A and D are correct: GitHub creates a Dependabot alert that is visible on the repository's Security tab and notifies the repository administrators about the alert. Option B is incorrect because GitHub does not consult a security service for this process, and option C is incorrect because Dependabot alerts are not generated by default for all private repositories.