We’ve introduced a new Dependabot metrics section in the Security tab, available at the organization level. This update helps application security managers cut through the noise and focus on what matters most: the vulnerabilities that truly need attention.

Our first tile in the new metrics section is a visual funnel that highlights how Dependabot helps prioritize alerts based on configurable factors like:

  • CVSS (Common Vulnerability Scoring System) severity.
  • EPSS (Exploit Prediction Scoring System) likelihood.
  • Whether a patch is available.

This funnel provides a clear, visual representation of how Dependabot triages alerts so your team can take faster, more informed action. You can use it to get a summary of how vulnerabilities are ranked across your repositories, easily communicate security posture and priorities to stakeholders, and help your teams focus on the threats that matter most. The prioritization funnel lets you quickly identify critical vulnerabilities without sifting through every Dependabot alert. It streamlines your workflow so you can fix the most impactful issues first.

We’ll continue to expand Dependabot’s metrics and insights to help your team stay ahead of emerging threats and maintain a secure, healthy codebase.

If you’re a GitHub Advanced Security (GHAS) customer using Code Security and have previously participated in a private preview for the Security Overview, you’ll automatically be included in the Dependabot metrics page private preview.

If you haven’t participated in a Security Overview private preview before but have purchased Code Security and want to join the Dependabot metrics page private preview, please let us know you’re interested here.