What happens if a vulnerability is found during Dependency Review?

Multiple Choice

What happens if a vulnerability is found during Dependency Review?

Explanation:
Dependency Review is designed to prevent known security issues from being introduced by evaluating the dependencies changed in a pull request. When a vulnerability is found, the PR is blocked or flagged until remediation is completed: you must upgrade to a secure version, apply a patch, or remove the vulnerable component before the change can be merged. Tests and CI cannot fix the vulnerability automatically, so the developer must act; the review workflow re-checks the dependencies after remediation and lifts the block. This keeps security issues from slipping through and ensures that only vetted, up-to-date dependencies are merged.