You can now require reviews before closing Dependabot alerts with delegated alert dismissal

Delegated alert dismissal allows you to require a review process before Dependabot alerts are closed. This feature is available to GitHub Code Security customers and can be used in both the UI and API.

This helps you better manage security risk, as well as meet audit and compliance requirements. Delegated alert dismissal brings the same governance controls available for code scanning and Secret Scanning to Dependabot alerts.

This feature helps organizations:

Increase accountability across development teams when addressing vulnerability alerts.
Prevent insecure activity such as accidental or unauthorized dismissals.
Manage alerts at scale by making alert activity easier to govern and audit.

Delegated alert dismissal for Dependabot is available for code security customers now on github.com and in GitHub Enterprise Server 3.21.

To learn more about Dependabot alert dismissal requests, see our documentation about code security.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

You can now require reviews before closing Dependabot alerts with delegated alert dismissal

Related Posts

Subscribe to our developer newsletter