leanix · r0binary-sap · Feb 5, 2026 · Feb 5, 2026
@@ -45,6 +45,8 @@ This directory contains shareable Renovate configuration presets that can be use
 - Displays OSV vulnerability alerts in the Renovate dependency dashboard
 - Enables OSV vulnerability scanning for all dependencies (experimental feature)
 - Provides comprehensive vulnerability information from the [OSV database](https://osv.dev/)
+- Labels PRs with the CVE severity
+- suffixes commits and PR title with the CVE severity
 
 **Usage**:
 ```json

@@ -2,5 +2,22 @@
     // Display OSV vulnerability alerts in the dependency dashboard
     "dependencyDashboardOSVVulnerabilitySummary": "all",
     // Enable OSV vulnerability alerts for all repositories (experimental feature)
-    "osvVulnerabilityAlerts": true
+    "osvVulnerabilityAlerts": true,
+    // Configuration for Security updates
+    "vulnerabilityAlerts": {
+        // no grouping
+        "groupName": null,
+        // may be created at any time
+        "schedule": [],
+        // no dashboard apporval required
+        "dependencyDashboardApproval": false,
+        // specific minimum release age for security updates
+        "minimumReleaseAge": "5 days",
+        // add label indicating sverity of CVEs
+        "addLabels": ["SEVERITY:{{vulnerabilitySeverity}}"],
+        // add commitMessageSuffix indicating sverity of CVEs
+        "commitMessageSuffix": "[SECURITY] [SEVERITY: {{vulnerabilitySeverity}}{{#if (or (equals vulnerabilitySeverity 'MEDIUM') (equals vulnerabilitySeverity 'MODERATE'))}} 🟡{{else if (or (equals vulnerabilitySeverity 'HIGH') (equals vulnerabilitySeverity 'CRITICAL'))}} 🔴{{/if}}]",
+        // use the lowest possible version that fixes the vulnerability
+        "vulnerabilityFixStrategy": "lowest"
+    }
 }