
Introducing the organization-level security manager role

Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The "security manager" role can be applied to any team and grants the team's members the following permissions:

  • Read access on all repositories in the organization
  • Write access on all security alerts in the organization
  • Access to the organization-level security tab
  • Write access on security settings at the organization level
  • Write access on security settings at the repository level


Learn more about the security manager role

Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both pyproject.toml and poetry.lock manifest files. We will detect dependencies from existing manifest files over the next few weeks, or sooner if the manifest file is updated.
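The sketch below is an added illustration, not GitHub's implementation, of why both files matter for a dependency inventory: pyproject.toml lists what the project asks for, and poetry.lock pins every resolved package, including transitive ones. The manifests are constructed samples, and the function names `norm`, `declared` and `inventory` are hypothetical; it assumes Poetry's `[tool.poetry.group.<name>.dependencies]` layout.

```python
import re
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # assumption: tomli backport installed on older Pythons

# Constructed sample manifests, not taken from any real project.
PYPROJECT = """
[tool.poetry.dependencies]
python = "^3.10"
requests = "^2.28"

[tool.poetry.group.dev.dependencies]
pytest = "^7.0"
"""

POETRY_LOCK = """
[[package]]
name = "requests"
version = "2.28.2"

[[package]]
name = "urllib3"
version = "1.26.14"

[[package]]
name = "pytest"
version = "7.2.1"
"""

def norm(name):  # PEP 503 name normalization so both files compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def declared(pyproject_text):  # direct dependencies and their constraints
    poetry = tomllib.loads(pyproject_text).get("tool", {}).get("poetry", {})
    deps = dict(poetry.get("dependencies", {}))
    for group in poetry.get("group", {}).values():
        deps.update(group.get("dependencies", {}))
    deps.pop("python", None)  # interpreter constraint, not a package
    return {norm(name): spec for name, spec in deps.items()}

def inventory(pyproject_text, lock_text):  # (name, pinned version, relationship)
    direct = declared(pyproject_text)
    packages = tomllib.loads(lock_text).get("package", [])
    return sorted((norm(p["name"]), p["version"],
                   "direct" if norm(p["name"]) in direct else "transitive") for p in packages)

if __name__ == "__main__":
    for row in inventory(PYPROJECT, POETRY_LOCK):
        print(*row)
```

Alerts are matched against pinned versions, so the `transitive` rows are the ones a review of pyproject.toml alone would miss.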

Learn more about the dependency graph


If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory.

In the past, users needed to publish multiple advisories for the same vulnerability because they could only select one ecosystem and package per advisory.

