Dependabot Alerts default permissions: write and maintain roles
#609
Labels
cloud
Available on Cloud
dependabot
Feature: GitHub Dependabot
ga
Feature phase: Generally available
GitHub Advanced Security (GHAS)
Product SKU: GitHub Advanced Security
shipped
Shipped
Comments
github-product-roadmap
added
cloud
|
🚢 This has shipped to dotcom: https://github.blog/changelog/2023-02-07-dependabot-alerts-default-permissions-change. Leaving open to track GHES release! |
|
🚢 This has shipped with GHES 3.9: https://docs.github.com/en/[email protected]/admin/release-notes. Closing as complete. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Today by default, only those with the
adminrole for a repository can view or modify Dependabot alerts. With this change, anyone withwriteormaintainroles will also have permissions to view and modify Dependabot alerts by default.Intended Outcome
Starting February 2023, default permissions for Dependabot alerts are changing so that the right collaborators can see and action on Dependabot alerts.
How will it work?
Based on your repository permissions, if you have
writeormaintainaccess, you'll be able to view and action on Dependabot alerts.Based on your user notification settings and per-repository watching settings, you'll begin receiving notifications on Dependabot alerts.
You can adjust your user notifications settings and per-repository watching settings to make sure you're receiving notifications on Dependabot alerts for the repositories you care about.
The text was updated successfully, but these errors were encountered: