GitHub
GitHub Dependabot audit logs now track configuration changes for security and compliance
GitHub Dependabot · GitHub · feature · api · security · platform · github.blog ↗

GitHub has expanded its audit logging capabilities for Dependabot by introducing two new event types that track configuration changes across organizations and enterprises.

New Audit Log Events

The two new event types are:

  • Dependabot security updates toggle (dependabot_security_updates): logged when someone enables or disables Dependabot security updates on a repository
  • Self-hosted runner configuration (repository_dependency_updates_self_hosted): logged when someone enables or disables running Dependabot on self-hosted runners for a repository

Each event records the actor who made the change and the timestamp at which it occurred.

Where to Find These Events

These new audit log entries are available in:

  • Organization audit logs
  • Enterprise audit logs

Both event types can be reviewed through GitHub's standard audit log interface for tracking configuration changes over time.

Use Cases for Development and Security Teams

The new audit events enable organizations to:

  • Track configuration changes for compliance and auditing purposes
  • Identify unauthorized modifications to security settings
  • Perform forensic investigations when needed to understand the history of Dependabot configuration changes
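The following script is an added example, not code from GitHub or from the article. It shows the second and third use cases in practice: it parses a constructed audit log export (field names follow GitHub's REST audit log entries, with `@timestamp` in epoch milliseconds, but every record is made up), flags Dependabot security updates being disabled by anyone outside an approved set of actors, and rebuilds the configuration history of one repository. The page only gives the two event categories; GitHub audit log actions are written `category.operation`, so the `.enable`/`.disable` suffixes below are an assumption about the exact strings. The helper that builds a REST query relies on `GET /orgs/{org}/audit-log` accepting a `phrase` parameter with the same `action:` qualifier the web UI's audit log search uses.

```python
"""Triage Dependabot configuration changes in a GitHub audit log export.

Added example; not code from GitHub or from the article. Runs offline over
a constructed NDJSON export. Field names mirror GitHub's REST audit log
entries (action, actor, org, repo, @timestamp in epoch ms); values are made up.
"""
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

# Event categories named on the page. The ".enable"/".disable" operation
# suffixes used in SAMPLE_EXPORT are an assumption about the exact strings.
DEPENDABOT_CATEGORIES = (
    "dependabot_security_updates",
    "repository_dependency_updates_self_hosted",
)

# Constructed sample export: one JSON object per line, oldest first.
SAMPLE_EXPORT = "\n".join([
    '{"@timestamp": 1735732800000, "action": "dependabot_security_updates.enable", "actor": "alice", "org": "acme", "repo": "acme/payments"}',
    '{"@timestamp": 1735819200000, "action": "repo.create", "actor": "bob", "org": "acme", "repo": "acme/billing"}',
    '{"@timestamp": 1735905600000, "action": "dependabot_security_updates.disable", "actor": "mallory", "org": "acme", "repo": "acme/payments"}',
    '{"@timestamp": 1735992000000, "action": "repository_dependency_updates_self_hosted.enable", "actor": "alice", "org": "acme", "repo": "acme/payments"}',
    '{"@timestamp": 1736078400000, "action": "dependabot_security_updates.enable", "actor": "alice", "org": "acme", "repo": "acme/payments"}',
])


def parse_export(text):
    """Parse an NDJSON export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def split_action(action):
    """Split 'category.operation' into its parts ('' operation if absent)."""
    category, _, operation = action.partition(".")
    return category, operation


def dependabot_events(entries):
    """Keep only the two Dependabot configuration events, sorted oldest first."""
    selected = [e for e in entries
                if split_action(e.get("action", ""))[0] in DEPENDABOT_CATEGORIES]
    return sorted(selected, key=lambda e: e["@timestamp"])


def unauthorized_disables(entries, approved_actors):
    """Flag 'disable' operations performed by anyone outside approved_actors.

    A disable of Dependabot security updates by an unexpected actor is the
    signal for the 'unauthorized modification to security settings' use case.
    """
    flagged = []
    for e in dependabot_events(entries):
        _, operation = split_action(e["action"])
        if operation == "disable" and e.get("actor") not in approved_actors:
            flagged.append(e)
    return flagged


def repo_history(entries, repo):
    """Chronological (iso_time, actor, action) tuples for one repository."""
    out = []
    for e in dependabot_events(entries):
        if e.get("repo") == repo:
            ts = datetime.fromtimestamp(e["@timestamp"] / 1000, tz=timezone.utc)
            out.append((ts.isoformat(), e["actor"], e["action"]))
    return out


def audit_log_query_url(org, category):
    """REST URL that pulls the same events live for an organization.

    GET /orgs/{org}/audit-log takes a `phrase` parameter using the audit
    log search syntax; `action:<category>` matches every operation under it.
    """
    query = urlencode({"phrase": "action:" + category, "per_page": 100})
    return "https://api.github.com/orgs/%s/audit-log?%s" % (org, query)


if __name__ == "__main__":
    entries = parse_export(SAMPLE_EXPORT)
    for e in unauthorized_disables(entries, approved_actors={"alice"}):
        print("ALERT", e["repo"], e["action"], "by", e["actor"])
    for row in repo_history(entries, "acme/payments"):
        print(*row)
    print(audit_log_query_url("acme", "dependabot_security_updates"))
```

Filtering by category prefix rather than by a hard-coded operation list means an operation name you did not anticipate still surfaces in the history; the alerting rule is deliberately narrower, firing only on `disable`, because a re-enable by an unexpected actor is worth a look but is not the same severity as the protection being switched off.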

This enhancement gives teams clearer visibility into changes to dependency management and security settings, which helps them meet governance and compliance requirements around supply chain security.