GitHub Advanced Security customers can now view all their Dependabot alerts in the organization security tab. This view is available to organization owners and members of teams with the security manager role.
Dependabot alerts: persisted after fix, now one per advisory
Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase.
Persisted Dependabot alerts
Developers can now view alerts that have been fixed in the Dependabot alerts UI.
Included changes:
- Starting today, fixed Dependabot alerts will now persist and continue to appear under the “closed” tab in the UI
- All individual alerts now have unique numeric identifiers.
Ungrouped alerts
Previously, Dependabot alerts displayed multiple security advisories grouped by package. Dependabot alerts will now represent a single advisory, rather than being grouped by package.
Included changes:
- Alerts are now displayed individually (one per advisory and manifest)
- Previous alert details pages will redirect to a filtered list view by the package name
- Alert titles will now be more useful to developers and show information about the advisory, rather than just the package name.
This update will not affect Dependabot alert email digests or notifications, Dependabot pull requests, or the GraphQL API.
Learn more about the improvements we’re making to Dependabot alerts in our latest blog post, or read our documentation.
A light high contrast theme, with greater contrast between foreground and background elements, is now generally available to all github.com users. Navigate to the "Appearance" page in your profile settings to choose the light high contrast theme.
A VS Code light high contrast theme matching the official github.com theme is also now generally available. To start using the new theme, go to the VS Marketplace, click on the "Install" button, and select your preferred theme in VS Code.
