Understand Security Alerts
Understand GitHub security alerts in InstaSLA
Understand imported alert fields, workflow states, and why ownership and SLA status matter.
What InstaSLA imports
InstaSLA works with GitHub security and Dependabot alert metadata: repository, package, ecosystem, severity, advisory identifiers, patched version, alert state, and timestamps where GitHub provides them.
What an alert needs operationally
An imported alert becomes useful when it has an owner, an SLA due date, a workflow state, and evidence of what happened. A raw alert count alone does not show whether remediation is controlled.
States to watch
Open alerts need attention. Fixed alerts are useful evidence. Dismissed and risk-accepted alerts should have a reason and review history. Overdue alerts should be escalated before they become an audit surprise.