dependabot-dismiss
// Auto-dismiss Dependabot alerts matching configurable hotwords (e.g. DoS) or a GHSA/CVE dismiss list. Use when the user wants to bulk-dismiss low-priority Dependabot alerts.
Auto-detect top maintainers for each repo in an org and set the maintainers custom property via the GitHub API. Use when the user wants to populate or update maintainer metadata.
Validate metadata fields (author, source, category) in opengrep/semgrep YAML rule files. Use when the user wants to lint or check rule quality.
Clean up stale security-action Slack messages based on review signals (reactions, label removal, resolved threads). Use when the user wants to clean old notifications from a Slack channel.
Delete Slack messages from a channel filtered by bot username and repository names. Use when the user wants to bulk-delete bot messages for specific repos.
Scan org repos for open Dependabot alerts at or above a severity threshold and build notification messages for maintainers. Use when the user wants to check or nudge about Dependabot vulnerabilities.
Fetch and parse a JSON config file from a GitHub repository. Use when the user wants to read a configuration file from a remote repo.
| Field | Value |
|---|---|
| name | dependabot-dismiss |
| description | Auto-dismiss Dependabot alerts matching configurable hotwords (e.g. DoS) or a GHSA/CVE dismiss list. Use when the user wants to bulk-dismiss low-priority Dependabot alerts. |
| argument-hint | [org] |
| allowed-tools | Bash(node *) |
Fetch open Dependabot alerts across an org and auto-dismiss those matching hotwords or a dismiss list file.
Run from the project root:
```bash
# Dismiss DoS-related alerts in an org
node run.js ./src/dependabotDismiss.js --org=brave

# Dry run (debug mode)
node run.js ./src/dependabotDismiss.js --org=brave --debug=true

# Custom severity threshold
node run.js ./src/dependabotDismiss.js --org=brave --minlevel=medium

# Custom dismiss list file
node run.js ./src/dependabotDismiss.js --org=brave --dependabotDismissConfig=./my-dismiss-list.txt
```
| Parameter | Required | Default | Description |
|---|---|---|---|
| --org | Yes | - | GitHub organization name |
| --githubToken | No | $GITHUB_TOKEN | GitHub PAT |
| --minlevel | No | low | Minimum severity: low, medium, high, critical |
| --debug | No | false | Log dismiss actions without actually dismissing |
| --hotwords | No | DoS-related terms | Comma-separated summary keywords to match |
| --actor | No | security-action | Name used in dismiss comment |
| --dependabotDismissConfig | No | dependabot-dismiss.txt | Path to file with GHSA/CVE IDs to dismiss |
Returns { message, dismissedRepos } -- a Markdown summary of dismissed alerts and an array of affected repo full names.
- `.env` file with `GITHUB_TOKEN` (needs Dependabot alerts read + dismiss permissions)
- `run.js` entry point automatically loads `.env` credentials
- Run with `--debug=true` first to preview what would be dismissed
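
An added example, not the project's code: a dry-run selector showing how hotword and dismiss-list matching could pick alerts, and why, before anything is dismissed. The alert field names follow GitHub's Dependabot alerts REST API; the list-file format, substring matching, the meaning given to `--minlevel`, and all sample data are assumptions.

```javascript
// Added example, not the project's code. Alert fields follow GitHub's REST API;
// the list-file format, substring matching and threshold meaning are assumptions.
const LEVELS = ['low', 'medium', 'high', 'critical'];

// Assumed file format: one GHSA/CVE ID per line, '#' starts a comment.
function parseDismissList(text) {
  return new Set(text.split('\n')
    .map((line) => line.replace(/#.*/, '').trim().toUpperCase())
    .filter(Boolean));
}

// Returns the dry-run plan: which alerts would be dismissed, and why.
function selectForDismissal(alerts, { hotwords, dismissIds, minlevel = 'low' }) {
  const plan = [];
  for (const { number, repository, security_advisory: adv } of alerts) {
    // Assumption: alerts below the threshold are left untouched.
    if (LEVELS.indexOf(adv.severity) < LEVELS.indexOf(minlevel)) continue;
    const listed = [adv.ghsa_id, adv.cve_id]
      .find((id) => id && dismissIds.has(id.toUpperCase()));
    const summary = adv.summary.toLowerCase();
    const word = hotwords.find((w) => summary.includes(w.toLowerCase()));
    if (!listed && !word) continue;
    plan.push({
      repo: repository.full_name, number, severity: adv.severity,
      reason: listed ? `listed ${listed}` : `hotword "${word}"`,
    });
  }
  return plan;
}

// Constructed sample data: org, repos, IDs and summaries are placeholders.
const mk = (number, repo, ghsa_id, cve_id, severity, summary) => ({
  number, repository: { full_name: `example-org/${repo}` },
  security_advisory: { ghsa_id, cve_id, severity, summary },
});
const SAMPLE_ALERTS = [
  mk(11, 'web', 'GHSA-aaaa-bbbb-cccc', null, 'high', 'ReDoS in example-parser'),
  // Summary also names code execution; a hotword match alone still selects it.
  mk(12, 'api', 'GHSA-dddd-eeee-ffff', null, 'critical',
    'Remote code execution and DoS in example-codec'),
  mk(13, 'api', 'GHSA-gggg-hhhh-jjjj', 'CVE-0000-00002', 'medium',
    'Prototype pollution in example-merge'),
  mk(14, 'docs', 'GHSA-kkkk-mmmm-nnnn', null, 'low', 'Denial of service in example-yaml'),
  mk(15, 'web', 'GHSA-pppp-qqqq-rrrr', null, 'high', 'SQL injection in example-orm'),
];
const SAMPLE_LIST = '# constructed dismiss list\nCVE-0000-00002  # accepted risk\n';

const plan = selectForDismissal(SAMPLE_ALERTS, {
  hotwords: ['DoS', 'denial of service'],
  dismissIds: parseDismissList(SAMPLE_LIST),
});
console.table(plan);
```

Reviewing the `severity` and `reason` columns of such a plan is what catches a keyword hit on an advisory whose summary also describes a more serious impact.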