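This is a good way to put the previously launched Dependency Graph to use: "Introducing security alerts on GitHub". The Dependency Graph mentioned earlier was covered in "A more connected universe".
The Vulnerability coverage section describes the scope; at minimum, vulnerabilities with a public CVE are included: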
Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don't have them. We'll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our security partners in the GitHub Marketplace.