You can now require reviews before closing Dependabot alerts with delegated alert dismissal
Source: GitHub Changelog
Delegated alert dismissal for Dependabot
Delegated alert dismissal allows you to require a review process before Dependabot alerts are closed. This feature is available to GitHub Code Security customers and can be used in both the UI and API.
It helps you better manage security risk and meet audit and compliance requirements. Delegated alert dismissal brings the same governance controls available for code scanning and secret scanning to Dependabot alerts.
Benefits for organizations
- Increase accountability across development teams when addressing vulnerability alerts.
- Prevent insecure activity such as accidental or unauthorized dismissals.
- Manage alerts at scale by making alert activity easier to govern and audit.
Delegated alert dismissal for Dependabot is available now for GitHub Code Security customers on github.com and in GitHub Enterprise Server 3.21.
To learn more about Dependabot alert dismissal requests, see our documentation about code security.