Can't see the "Access to alerts" for Dependabot settings

According to the documentation, there should be a section on the Security & analysis setting page for granting users and teams access to the Dependabot alerts, but I don’t see that on my page. I am an administrator in the organization and I can see the alerts myself.

Has that setting moved?

:wave: Hi!

I think you are in the general organisation security settings. If you go to your repository settings --> security & analysis, you should find the “Access to alerts” setting at the bottom of the page.

Is there an API or GraphQL endpoint for adding people to the “Access to alerts” setting?

5 Likes

Apparently the current documentation is here: Managing security and analysis settings for your repository - GitHub Docs

This is of course not remotely helpful for the average use case of “user is asked to investigate a security vulnerability and then tries to see it and can’t, and thus looks in the pages relating to looking at Dependabot alerts”.

I have the same issue. There’s an API endpoint to enable and disable vulnerability alerts (Repositories - GitHub Docs), but there doesn’t seem to be an API to manage who has access to the security alerts, which is really needed when you have 100s of repositories to manage.

2 Likes

Wrote a script for this as a workaround: Can't see the "Access to alerts" for dependabot settings - #4 by jsoref

This really needs to be an org-wide setting.

@captn3m0 can you share said script?

Here it is: Grant Security Alert Permission on GitHub Org Script · GitHub

1 Like