Artifact and deployment context now appears in two new places: repository properties and security alert pages.

Repository properties: deployable and deployed

Two new built-in repository properties—deployable and deployed—are now available. These properties reflect existing artifact and deployment metadata, so you don’t need to manually maintain lists of which repositories are actively deployed.

You can use these properties to:

  • Filter repositories in your organization based on deployment context.
  • Apply rulesets, branch protections, and compliance policies automatically to repositories based on deployment context.
  • Keep policy enforcement accurate as deployment state changes over time.

Filters being used to get list of deployed or deployable filters

Runtime risk context in security alerts

Dependabot and GitHub code scanning alert pages now show runtime risk context directly on the alert. When you open an alert, you’ll see additional runtime context for the affected artifact.

This context helps your security team:

  • Triage alerts based on actual runtime context, rather than treating every alert as equally urgent.
  • Quickly identify which vulnerabilities exist in services that are at higher risk.
  • Reduce time spent manually cross-referencing environment and exposure data.

Runtime Context metadata present on security alerts to enable triage and prioritization

Both features are now generally available. To learn more, see: