🔥 3-day streak
GitHub Enterprise Administrator (GH-100)15 / 79
Question 15 of 79

A security engineer enables Dependabot alerts on a repository, but no alerts appear even though the team knows a direct dependency in their Python project has a published CVE. The repository contains a requirements.txt file, and the dependency graph feature shows as enabled in the repository's Settings. What is the most likely reason Dependabot is not generating an alert?

Reviewed for accuracy · Report an issueNext question