Dependabot Alert Assignments Now Generally Available
GitHub has released Dependabot alert assignees as a generally available feature, extending assignment capabilities across the entire Dependabot vulnerability management workflow. Teams can now assign any Dependabot alert to users who have write access to the repository, directly from the alert detail page.
Key Capabilities
The new feature enables teams to:
- Take clear ownership of specific dependency vulnerabilities with visible, actionable responsibility
- Track remediation work directly within GitHub without context switching
- Accelerate fixes by making responsibility transparent across the team
- Dynamically manage assignments by removing and reassigning as priorities shift
Assignees are visible across repository, organization, and enterprise alert lists, as well as in audit logs. Team members assigned to alerts receive email notifications, keeping everyone informed about their responsibilities.
Programmatic Access & Automation
The REST API provides full programmatic support for managing alert assignments, enabling bulk operations and custom integrations. Webhook events for assignee changes let teams feed alert assignments into existing workflows, automation tools, and external systems.
Availability & Rollout
The feature is available now for GitHub Advanced Security customers on github.com, with support coming to GitHub Enterprise Server starting with version 3.22. This aligns Dependabot alerts with the assignment workflows already available for code scanning and secret scanning alerts, creating a unified security alert management experience across all GitHub security products.