diff --git a/package-lock.json b/package-lock.json
index 87e5e90d1..e02300017 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21583,8 +21583,9 @@
 },
 "node_modules/url-parse": {
 "version": "1.5.10",
+ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+ "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
 "dev": true,
- "license": "MIT",
 "dependencies": {
 "querystringify": "^2.1.1",
 "requires-port": "^1.0.0"
diff --git a/packages/repocop/src/evaluation/repository.ts b/packages/repocop/src/evaluation/repository.ts
index b4e67c59f..9eda0adc8 100644
--- a/packages/repocop/src/evaluation/repository.ts
+++ b/packages/repocop/src/evaluation/repository.ts
@@ -1,3 +1,4 @@
+import { URL } from 'url';
 import type {
 github_languages,
 github_repository_branches,
@@ -400,13 +401,23 @@ export function evaluateOneRepo(
 }
 //create a predicate that orders a list of urls by whether they contain snyk.io first, and then github.com second
-const urlSortPredicate = (url: string) => {
- if (url.includes('snyk.io')) {
- return -2;
- } else if (url.includes('github.com') && url.includes('advisories')) {
- return -1;
+const urlSortPredicate = (maybeUrl: string) => {
+ try {
+ const url = new URL(maybeUrl);
+
+ if (url.hostname === 'snyk.io' || url.hostname === 'security.snyk.io') {
+ return -2;
+ } else if (
+ url.hostname === 'github.com' &&
+ url.pathname.includes('advisories')
+ ) {
+ return -1;
+ }
+ return 0;
+ } catch {
+ console.debug(`Invalid url: ${maybeUrl}`);
+ return 0;
 }
- return 0;
 };
 export function dependabotAlertToRepocopVulnerability(
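Review bot: The new `urlSortPredicate` compares `url.hostname` but never `url.protocol`, so `http://snyk.io/...` or `ftp://snyk.io/...` earns the same top rank (-2) as the https advisory page; adding `if (url.protocol !== 'https:') return 0;` right after `new URL(maybeUrl)` would keep only https links at the front, which matters if the first-ranked URL is the one later surfaced to people (that use is outside this hunk). The GitHub branch still relies on a bare substring, `url.pathname.includes('advisories')`, which also matches paths such as `/owner/advisories-tool`; `url.pathname.startsWith('/advisories/')` is stricter, though if repository-scoped `/owner/repo/security/advisories/` links must also rank, a segment-anchored regex is the safer replacement. The unchanged context comment above the arrow function still describes the old substring behaviour, and I would replace it with `// Sort key: snyk.io / security.snyk.io hosts first (-2), github.com advisory paths second (-1), everything else, including strings that are not valid URLs, last (0).` Minor: Node already exposes `URL` as a global and the `node:` specifier is the current idiom, so the added import could be `import { URL } from 'node:url';` or dropped.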