On April 21, 2026, we’re deprecating and removing the following fields from the get an organization and update an organization REST API endpoints:

  • advanced_security_enabled_for_new_repositories
  • dependabot_alerts_enabled_for_new_repositories
  • dependabot_security_updates_enabled_for_new_repositories
  • dependency_graph_enabled_for_new_repositories
  • secret_scanning_enabled_for_new_repositories
  • secret_scanning_push_protection_enabled_for_new_repositories
  • secret_scanning_validity_checks_enabled

GitHub Code Security configurations now replace this functionality, providing a more comprehensive and flexible way to manage security product enablement across your organization.

If you currently rely on these fields in API integrations or automation, you should:

  1. Migrate to GitHub Code Security configurations. You can create and manage configurations via the Code Security Configurations REST API or through your organization’s Settings → Code Security page.
  2. Update any scripts or integrations that read or write these fields, as they’ll no longer be available after April 21, 2026.
  3. Set a default configuration for new repositories to replicate the behavior these fields previously controlled.

For more information, see our documentation on managing code security configurations for your organization.

Join the discussion in GitHub Community.