Understand Security Alerts

Understand GitHub security alerts in InstaSLA

Understand imported alert fields, workflow states, and why ownership and SLA status matter.

What InstaSLA imports

InstaSLA works with GitHub security and Dependabot alert metadata: repository, package, ecosystem, severity, advisory identifiers, patched version, alert state, and timestamps where GitHub provides them.

What an alert needs operationally

An imported alert becomes useful when it has an owner, an SLA due date, a workflow state, and evidence of what happened. A raw alert count alone does not show whether remediation is controlled.

States to watch

Open alerts need attention. Fixed alerts are useful evidence. Dismissed and risk-accepted alerts should have a reason and review history. Overdue alerts should be escalated before they become an audit surprise.

Understand GitHub security alerts in InstaSLA | InstaSLA