GitHub Dependabot alerts now support assignees for clearer ownership tracking
GitHub Dependabot · GitHub · feature, api, security · github.blog

Dependabot Alert Assignees Now Generally Available

GitHub has released assignee functionality for Dependabot alerts, enabling teams to assign dependency vulnerabilities to specific users. This feature is now available to customers with GitHub Advanced Security on github.com and will roll out to GitHub Enterprise Server starting with version 3.22.

Key Capabilities

The assignee feature brings security work into the same workflow developers already use for code scanning and secret scanning alerts:

  • Assign clear ownership: Designate specific users with write access to the repository as responsible for remediating individual Dependabot alerts
  • Track remediation work: Monitor and manage dependency vulnerability fixes directly within GitHub
  • Improve accountability: Make responsibility visible and actionable across your team
  • Flexible management: Remove and reassign alerts as remediation responsibilities shift

Assignees are visible on alert detail pages, repository-level alert lists, organization and enterprise-wide dashboards, audit logs, and notifications.

API and Automation Support

The REST API now supports programmatic management of Dependabot alert assignees, including:

  • Viewing, assigning, and unassigning users on alerts via API calls
  • Bulk operations for assigning multiple alerts at scale
  • Custom integrations with existing tooling and workflows
  • Webhook events triggered on assignee changes for real-time automation

This API-first approach allows teams to integrate alert assignment into their existing security automation and notification systems.

Availability and Next Steps

The feature requires GitHub Advanced Security and is available immediately on github.com. Enterprise Server users will gain access in version 3.22. Teams should review the managing Dependabot alerts documentation for implementation details and best practices.