Deployment context in repository properties and alerts

Source: GitHub Changelog

Repository properties: deployable and deployed

Two new built‑in repository properties—deployable and deployed—are now available. These properties reflect existing artifact and deployment metadata, so you don’t need to manually maintain lists of which repositories are actively deployed.

You can use these properties to:

• Filter repositories in your organization based on deployment context.
• Apply rulesets, branch protections, and compliance policies automatically to repositories based on deployment context.
• Keep policy enforcement accurate as deployment state changes over time.

Runtime risk context in security alerts

Dependabot and GitHub code scanning alert pages now show runtime risk context directly on the alert. When you open an alert, you’ll see additional runtime context for the affected artifact.

This context helps your security team:

• Triage alerts based on actual runtime context, rather than treating every alert as equally urgent.
• Quickly identify which vulnerabilities exist in services that are at higher risk.
• Reduce time spent manually cross‑referencing environment and exposure data.

Both features are now generally available. To learn more, see:

• Associate artifacts with production context
• Search repositories based on deployment context