[2026-03-03] Assignable Dependabot alerts to users and Copilot for remediation [GA] (#60239)

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: mchammer01

content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md

@@ -42,15 +42,27 @@ When {% data variables.product.github %} detects a vulnerable dependency, a {% d
 
 For information about viewing and managing alerts, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts).
 
-## Enabling alerts
+## Who can enable alerts?
 
 Repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for their repositories{% ifversion fpt or ghec %} and organizations{% endif %}. When enabled, {% data variables.product.github %} immediately generates the dependency graph and creates alerts for any vulnerable dependencies it identifies. {% ifversion fpt or ghec %} Repository administrators can grant access to additional people or teams.{% endif %}
 
 {% data reusables.repositories.enable-security-alerts %}
 
 See [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts).
 
-## Notifications for alerts
+{% ifversion dependabot-alerts-assignees %}
+
+## Alert ownership and assignments
+
+Users with write access or higher can assign {% data variables.product.prodname_dependabot_alerts %} to repository collaborators, teams, or {% data variables.product.prodname_copilot_short %} to establish clear ownership for vulnerability remediation. Assignments help track who's responsible for each alert and prevent vulnerabilities from being overlooked.
+
+When an alert is assigned, the assignee receives a notification and the alert displays their name in the alert list. You can filter alerts by assignee to track progress. Assigning an alert to {% data variables.product.prodname_copilot_short %} automatically generates a fix and opens a draft pull request for review.
+
+For information about assigning alerts, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-and-prioritizing-dependabot-alerts).
+
+{% endif %}
+
+## How alert notifications work
 
 By default, {% data variables.product.github %} sends email notifications about new alerts to people who both:
 
@@ -82,7 +94,7 @@ Alternatively, you can opt into the weekly email digest, or even completely turn
 
 {% ifversion copilot-chat-ghas-alerts %}
 
-## Asking {% data variables.copilot.copilot_chat %} about alerts
+## {% data variables.copilot.copilot_chat %} integration
 
 With a {% data variables.copilot.copilot_enterprise %} license, you can ask {% data variables.copilot.copilot_chat_short %} questions about {% data variables.product.prodname_dependabot_alerts %} in your organization's repositories. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).
 

content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -58,7 +58,7 @@ By default, alerts are sorted by **Most important**, which helps you prioritize
    ![Screenshot showing the "Tags" section in the alert details page.](/assets/images/help/repository/dependabot-alerts-tags-section.png)
 
 {% ifversion dependabot-alerts-assignees %}
-1. On the right panel,  select an assignee by using the **Assignees** dropdown list. This clearly communicates who is responsible for triaging the alert so that no effort is wasted on repetitive analysis without worrying that alerts might fall through the cracks.
+1. On the right panel, select an assignee by using the **Assignees** dropdown list. You can assign the alert to a user or team to establish clear ownership, or assign it to {% data variables.product.prodname_copilot_short %} to automatically generate a fix. This clearly communicates who is responsible for triaging the alert and helps you avoid repetitive analysis. It also ensures that alerts are not missed.
 {% endif %}
 
 1. Optionally, to suggest an improvement to the related security advisory, on the right-hand side of the alert details page, click **Suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}**. See [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database).

content/code-security/reference/security-at-scale/available-filters-for-security-overview.md

@@ -189,6 +189,9 @@ For more information about production context, see [AUTOTITLE](/code-security/se
 
 | Qualifier | Description |
 | -------- | -------- |
+|{% ifversion dependabot-alerts-assignees %}|
+| `assignee` | Display alerts by assignee username or team, for example: `assignee:@octocat`, `assignee:@copilot`, or `assignee:@github/security-team`.|
+|{% endif %}|
 |`ecosystem`|Display {% data variables.product.prodname_dependabot_alerts %} detected in a specified ecosystem, for example: `ecosystem:Maven`.|
 |{% ifversion fpt or ghec or ghes > 3.15 %}|
 |`epss_percentage`|Display {% data variables.product.prodname_dependabot_alerts %} whose EPSS score meets the defined criteria, for example: `epss_percentage:>=0.01`|

data/features/dependabot-alerts-assignees.yml

@@ -1,5 +1,5 @@
 # References:
-# Releases issue #7526 - Dependabot alerts assignees
+# Releases issue #7526 and docs-content issue #20888 - Dependabot alerts assignees
 versions:
   fpt: '*'
   ghec: '*'