GitHub Dependabot alert assignees now generally available for tracking vulnerability ownership
GitHub Dependabot · GitHub · feature, api, security · github.blog

Overview

Dependabot alert assignees are now generally available on GitHub.com and will roll out to GitHub Enterprise Server starting in version 3.22. This feature brings clearer ownership and accountability to dependency vulnerability remediation by allowing teams to assign Dependabot alerts to specific users.

Key Capabilities

From the alert detail page, you can assign any Dependabot alert to users with write access to the repository. The assignment feature enables teams to:

  • Take clear ownership of specific dependency vulnerabilities
  • Track remediation work directly within GitHub's alert management interface
  • Accelerate fixes by making responsibility visible and actionable
  • Manage reassignments as remediation responsibilities shift across the team

Assignees are visible on alert detail pages, repository-level alert lists, organization-wide views, and enterprise alert lists. All assignee changes are logged in the audit log, and assigned users receive email notifications.

API and Integration Support

Developers can now manage alert assignments programmatically through the REST API, which supports bulk operations and custom integrations. Webhook events fire when assignees are added to or removed from alerts, so assignment changes can feed automation in existing security workflows and tooling.

Availability

This feature is available to customers with GitHub Advanced Security on GitHub.com. Enterprise Server customers will gain access starting with version 3.22. The feature aligns with the existing assignee functionality in code scanning and secret scanning alerts, creating a consistent security alert management experience across all GitHub security features.