The code scanning REST API updated_at field has been improved to help you review your most recently changed alerts.
The updated_at timestamp now returns the alert's most recent state change on the branch that you requested. We consider a state change to be a significant event, including an alert being introduced, fixed, dismissed, reopened or reintroduced. This is implemented in both the repo API and org API so it can be used consistently at scale.
Previously, the updated_at timestamp changed whenever an alert was found in an analysis or the alert state changed, and so was updated very regularly. This improvement lets you efficiently use updated_at to sort and focus on your most recently changed alerts.
The code scanning REST API list alerts endpoints code-scanning/alerts returns the value for the default branch, unless another branch is specificed. The alert endpoint code-scanning/alerts/{alert_number} reports at the alert level, so will return the maximum value for the alert across all branches.
This is now live on GitHub.com for the repository level API. This will be live for the organization level API over the next few days because it requires data reindexing. This will ship to GitHub Enterprise Server version 3.11. For more information, see the code scanning REST API documentation.