
Dependabot alerts are now visible to more developers

Blog post from GitHub

Post Details
Author: Eric Tooley, Erin Havens
Word Count: 453
Language: English
Summary

Dependabot alerts have been a critical security feature on GitHub for the past five years, enabling developers to address over 80 million dependency-based vulnerabilities. Historically, these alerts were only visible to admin users, limiting developers' ability to act on them. In a developer-first move, GitHub announced that starting February 7, developers with repository write or maintain roles will be able to view and address Dependabot alerts by default, enhancing code security management. This change does not affect custom roles or organization permissions and does not alter alert notifications or repository watching settings. Developers can manage their alert notifications by visiting GitHub's settings to adjust how and when they receive notifications, such as opting for weekly email digests instead of immediate notifications. This update aligns with GitHub's continued efforts to prioritize security and empower developers, as emphasized by GitHub's Product Manager Erin Havens.