Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GitHub Exam GitHub-Advanced-Security Topic 5 Question 9 Discussion

Actual exam question for GitHub's GitHub-Advanced-Security exam
Question #: 9
Topic #: 5
[All GitHub-Advanced-Security Questions]

-- [Configure and Use Dependency Management]

You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?

Show Suggested Answer Hide Answer
Suggested Answer: D

A Dependabot alert is marked as resolved only after the related pull request is merged into the repository. This indicates that the vulnerable dependency has been officially replaced with a secure version in the active codebase.

Simply generating a PR or passing checks does not change the alert status; merging is the key step.


by Dana at Jul 08, 2025, 10:03 PM

Limited Time Offer

25%

Off

Get Premium GitHub-Advanced-Security Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cristal
10 days ago
So the correct answer is C) When the pull request checks are successful.
upvoted 0 times
...
Matt
13 days ago
In that case, the alert would not be marked as resolved until the checks are successful.
upvoted 0 times
...
Gene
16 days ago
But what if the pull request fails the checks?
upvoted 0 times
...
Cristal
19 days ago
I agree with Matt, because that's when the alert is resolved.
upvoted 0 times
...
Chauncey
22 days ago
D is the way to go. Dependabot is a lifesaver, but you gotta make sure to actually merge those pull requests. Ain't nobody got time for unresolved alerts!
upvoted 0 times
...
William
23 days ago
Option D, no doubt. Who doesn't love a good security update? I'm just glad I don't have to manually keep track of all this stuff.
upvoted 0 times
...
Michel
24 days ago
Hmm, I was torn between C and D, but D is the winner here. GitHub really makes it easy to stay on top of dependencies.
upvoted 0 times
...
Matt
1 months ago
I think the answer is A) When Dependabot creates a pull request to update dependencies.
upvoted 0 times
...
Dorothy
1 months ago
I was thinking B, but after reading the options again, D makes the most sense. Gotta love GitHub's security features!
upvoted 0 times
...
Alaine
2 months ago
Option D seems like the correct answer. Merging the pull request with the security update is the only way to truly resolve the Dependabot alert.
upvoted 0 times
Kathrine
24 days ago
D) When you merge a pull request that contains a security update
upvoted 0 times
...
Shawna
27 days ago
A) When Dependabot creates a pull request to update dependencies
upvoted 0 times
...
...

Save Cancel