Starting today, developers with write access to repositories in security campaigns will receive email notifications without needing to subscribe to repository activity. Previously, users needed to subscribe to All activity or Security alerts to be notified when campaigns were created or reached their due date.

This change ensures that developers best positioned to remediate security alerts are automatically aware of their security team’s priorities, making collaboration and communication more seamless. Security campaigns help teams prioritize and rapidly reduce their backlog of application security debt with GitHub Copilot Autofix, which automatically suggests fixes when campaigns are created.

Security campaigns are available for users of GitHub Code Security on GitHub Enterprise Cloud. For more information, see About security campaigns in the GitHub documentation.

Have feedback on security campaigns? Join the discussion in the GitHub Community.