Track additional Dependabot configuration changes in audit logs

Two new event types are now available to track changes to Dependabot settings through your organization and enterprise audit logs.

Dependabot vulnerability updates toggle logs when someone enables or disables Dependabot vulnerability updates on a repository. Learn more in our dependabot_security_updates documentation.
Self-hosted runner configuration logs when someone enables or disables Dependabot on self-hosted runners. Learn more in our repository_dependency_updates_self_hosted documentation.

Each event captures the actor who made the change and when it occurred. You’ll find these events in your organization audit log or enterprise audit log. This new data allows you to:

Track configuration changes for compliance and auditing purposes.
Identify unauthorized modifications to security settings.
Perform forensic investigations when needed.

Join the discussion in the GitHub Community.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Track additional Dependabot configuration changes in audit logs

Related Posts

Subscribe to our developer newsletter