You can now assign Dependabot alerts to specific users, helping your team track and remediate dependency vulnerabilities more effectively by assigning clear ownership of alerts.

How it works

From the alert detail page, you can now assign any Dependabot alert to users who have write access to the repository. Assigning users to Dependabot alerts brings security work into the same workflow you already use for code scanning and secret scanning alerts. With assignees, your team can:

  • Take clear ownership of specific dependency vulnerabilities.
  • Track remediation work directly within GitHub.
  • Accelerate fixes by making responsibility visible and actionable.
  • Remove and reassign assignees as remediation responsibilities shift.

You can view assignees on alert detail pages and across repository, organization, and enterprise alert lists. Assignees are also visible in the audit log and get email notifications.

REST API and webhooks

You can programmatically view, assign, and unassign users on Dependabot alerts using the REST API, enabling bulk operations and custom integrations. Webhook events for assignee changes let you integrate alert assignment into your existing workflows and automation.

Who can use this feature?

Dependabot alert assignees are available to customers with GitHub Advanced Security on github.com and will be available for GitHub Enterprise Server customers starting with version 3.22.

Learn more about managing Dependabot alerts and assigning alerts in the documentation.

Join the discussion within GitHub Community.