A new capability, delegated alert dismissal, lets organizations enforce a review process before Dependabot alerts are closed. It is available to GitHub Code Security customers and works through both the user interface and the API.
This enhancement supports better security risk management and helps meet audit and compliance obligations. Delegated alert dismissal extends to Dependabot alerts governance controls similar to those previously available for code scanning and secret scanning.
This feature offers several benefits to organizations:
- Increase accountability across development teams when addressing vulnerability alerts.
- Prevent insecure activity such as accidental or unauthorized dismissals.
- Manage alerts at scale by making alert activity easier to govern and audit.
Delegated alert dismissal for Dependabot is currently available to GitHub Code Security customers on github.com and in GitHub Enterprise Server 3.21.
Further information regarding Dependabot alert dismissal requests can be found in the documentation about code security.

