Filter only critical / high severity vulnerabilities alerts #33600

dormullor · 2025-01-13T17:26:49Z

dormullor
Jan 13, 2025

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

Github

Please tell us more about your question or problem

At our company, we've started using Renovate, and we’re really impressed with it! One of our key interests is automating PRs to address vulnerabilities. From what I understand, when we enable:

  "vulnerabilityAlerts": {
    "enabled": true
  }

Renovate leverages GitHub security alerts (Dependabot) to identify vulnerabilities and then creates PRs with fixes.
In Dependabot, I can filter PRs to target only Critical or High severity alerts, but this filter doesn’t seem to apply to Renovate.
How can I configure Renovate to ensure it only opens PRs for Critical or High severity alerts?

Logs (if relevant)

Logs


Replace this text with your logs, between the starting and ending triple backticks

rarkins · 2025-02-02T06:55:49Z

rarkins
Feb 2, 2025
Maintainer

Renovate does not currently parse/store the severity field from alerts. I created #33993 and PRs are welcome

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Filter only critical / high severity vulnerabilities alerts #33600

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Filter only critical / high severity vulnerabilities alerts #33600

dormullor Jan 13, 2025

How are you running Renovate?

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

Please tell us more about your question or problem

Logs (if relevant)

Replies: 1 comment

rarkins Feb 2, 2025 Maintainer

dormullor
Jan 13, 2025

rarkins
Feb 2, 2025
Maintainer