GH-500 Question #80: Real Exam Question with Answer & Explanation

The correct answer is A: as soon as a vulnerable dependency is detected.

Implement and manage Dependabot

Question

When does Dependabot alert you of a vulnerability in your software development process?

Options

  • A. as soon as a vulnerable dependency is detected
  • B. when Dependabot opens a pull request to update a vulnerable dependency
  • C. as soon as a pull request is opened by a contributor
  • D. when a pull request adding a vulnerable dependency is opened

Explanation

Dependabot alerts are generated as soon as GitHub detects a known vulnerability in one of your dependencies. GitHub does this by analyzing your repository’s dependency graph and matching it against vulnerabilities listed in the GitHub Advisory Database. Once a match is found, the system raises an alert automatically without waiting for a PR or manual action. This allows organizations to proactively mitigate vulnerabilities as early as possible, based on real-time detection.

Topics

#Dependabot alerts #Vulnerability detection #Dependency management
