Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 2

Enable Vulnerability Alerts to users with read access

Hi,

     As mentioned in the below article

 

https://help.github.com/en/articles/managing-alerts-for-vulnerable-dependencies-in-your-organization...

 

Security Alerts ( for members other than org or repo admins) can be enabled only for members with write access to the repo. I am wondering why is it designed that way and if there is any change planned to add members with "Read" access in the notification list. Members of the security team may need to receive these alerts, but don't necessarily need write access as they would not be contributing any code changes.

1 Reply
Highlighted
Community Manager
Message 2 of 2

Re: Enable Vulnerability Alerts to users with read access

Thanks for taking the time to write this feedback, this is a great question and one that we are actually already investigating in an internal issue, and I've added your feedback to it. For now would it be possible for your organization to delegate Write permissions via teams (including to the security folks), and then using protected branches and a CODEOWNERS file with broad coverage to require review for any pull requests that touch files in the repository?

Thanks for being here, sharing, and keeping our community awesome!
Best,
AndreaG

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!