Dependabot pull requests off by default for forks

Dependabot helps you keep your dependencies up-to-date with Dependabot version updates. These pull requests are configured via a dependabot.yml file.

Starting today, if you fork a repository with an existing dependabot.yml, Version updates will be disabled by default. To enable Dependabot pull requests based on this configuration, you can click “enable” from your forked repository’s “Code security and analysis” settings page.

After enabling Dependabot version updates, you will also be able to disable with a single click from this settings page.

Dependabot version updates

Learn more about configuring Dependabot version updates.

GitHub Advanced Security customers using secret scanning can now specify a custom link via the organization level REST API that will show in the message when push protection detects and blocks a potential secret. Admins can use the custom link to point their developers to company-specific guidance on secrets.

Previously, admins could only set a custom link through the UI.

See more