From 15dc2af377cfb92870255d7c716d3d33c750f340 Mon Sep 17 00:00:00 2001
From: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Date: Thu, 18 Dec 2025 12:25:39 -0500
Subject: [PATCH] Add content for Dependabot delegated alert dismissal (#58850)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
...urity-configuration-for-your-enterprise.md | 6 ++-
...overnance-framework-for-your-enterprise.md | 5 +-
...gated-alert-dismissal-for-code-scanning.md | 4 ++
.../enable-delegated-alert-dismissal.md | 51 +++++++++++++++++++
.../dependabot/dependabot-alerts/index.md | 1 +
...ted-alert-dismissal-for-secret-scanning.md | 4 ++
...reating-a-custom-security-configuration.md | 6 ++-
.../code-security/security-overview/index.md | 1 +
.../review-alert-dismissal-requests.md | 43 ++++++++++++++++
.../roles-in-an-organization.md | 8 +++
.../dependabot-delegated-alert-dismissal.yml | 6 +++
.../choose-alert-dismissal-request-view.md | 4 ++
.../review-an-alert-dismissal-request.md | 5 ++
.../delegated-alert-dismissal-intro.md | 28 ++++------
14 files changed, 148 insertions(+), 24 deletions(-)
create mode 100644 content/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal.md
create mode 100644 content/code-security/security-overview/review-alert-dismissal-requests.md
create mode 100644 data/features/dependabot-delegated-alert-dismissal.yml
create mode 100644 data/reusables/security-overview/choose-alert-dismissal-request-view.md
create mode 100644 data/reusables/security-overview/review-an-alert-dismissal-request.md
diff --git a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
index a1a8c64096..340339e3de 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
@@ -69,7 +69,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
- * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+ * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+ * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
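Review bot: the added "Prevent direct alert dismissals" bullet says only "To learn more, see ...", so a reader of this list cannot tell what the setting does or that it applies to Dependabot alerts; the sibling bullets name the feature they link to. Suggest wording along the lines of "To learn about delegated alert dismissal for Dependabot, see ...". The same two added lines recur in the next hunk of this file and in both hunks of the organization-level article, so the wording should be changed in all four places together.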
@@ -108,7 +109,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
- * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+ * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+ * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
diff --git a/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md b/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md
index efcaada1ca..6203f9f248 100644
--- a/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md
+++ b/content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md
@@ -122,7 +122,10 @@ You may want to set up an approval process for better control over who in your e
Approval processes are available for:
* Bypasses of push protection—You can choose who is allowed to bypass push protection, and add a review and approval cycle for pushes containing secrets from all other contributors. For more information about **delegated bypass for push protection**, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% ifversion security-delegated-alert-dismissal %}
-* Dismissals of alerts for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).
+* Dismissals of alerts for {% data variables.product.prodname_code_scanning %}{% ifversion dependabot-delegated-alert-dismissal %}, {% data variables.product.prodname_dependabot %},{% endif %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see the following articles:
+ * [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning){% ifversion dependabot-delegated-alert-dismissal %}
+ * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
+ * [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning)
{% endif %}
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md
index d60a6e0e9e..89e926e049 100644
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md
@@ -46,3 +46,7 @@ You must configure delegated dismissal for your enterprise using a custom securi
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_code_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).
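Review bot: the "Next steps" paragraph added here is repeated word for word in the Dependabot and secret scanning enablement articles in this patch, differing only in the product variable. Consider moving it into a reusable with feature-neutral wording ("Now that you have enabled delegated alert dismissal, ...") so the three copies cannot drift apart.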
diff --git a/content/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal.md b/content/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal.md
new file mode 100644
index 0000000000..b718d5df5a
--- /dev/null
+++ b/content/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal.md
@@ -0,0 +1,51 @@
+---
+title: Enabling delegated alert dismissal for Dependabot
+intro: 'Increase your governance over your {% data variables.product.prodname_dependabot_alerts %} with delegated alert dismissal.'
+permissions: '{% data reusables.permissions.delegated-alert-dismissal %}'
+shortTitle: Enable delegated alert dismissal
+versions:
+ feature: dependabot-delegated-alert-dismissal
+type: how_to
+topics:
+ - Dependabot
+ - Code Security
+ - Security updates
+ - Alerts
+ - Dependencies
+---
+
+## About enabling delegated alert dismissal
+
+{% data reusables.security.delegated-alert-dismissal-intro %}
+
+## Configuring delegated dismissal for a repository
+
+>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %}
+{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
+1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Prevent direct alert dismissals", click **Enable**.
+
+## Configuring delegated dismissal for an organization
+
+You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
+
+1. Start creating or editing a custom security configuration. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
+
+## Configuring delegated dismissal for an enterprise
+
+You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise.
+
+1. Start creating or editing a custom security configuration. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
+1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_dependabot %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).
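Review bot: the repository steps locate "Prevent direct alert dismissals" in the "Dependabot" section, while the organization and enterprise steps locate it in the "Dependency scanning" section of the security configuration; please confirm both labels against the UI, since the security configuration articles changed in this patch list the setting beside the Dependabot alerts and Security updates bullets without naming the section. Two smaller points: the `Security updates` topic in the front matter does not describe this page and can be dropped, and the note is written `>[!NOTE]` here but `> [!NOTE]` in review-alert-dismissal-requests.md, so pick one form.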
diff --git a/content/code-security/dependabot/dependabot-alerts/index.md b/content/code-security/dependabot/dependabot-alerts/index.md
index 3386f9ef44..ddccbfa0b7 100644
--- a/content/code-security/dependabot/dependabot-alerts/index.md
+++ b/content/code-security/dependabot/dependabot-alerts/index.md
@@ -17,5 +17,6 @@ children:
- /about-dependabot-alerts
- /configuring-dependabot-alerts
- /viewing-and-updating-dependabot-alerts
+ - /enable-delegated-alert-dismissal
- /configuring-notifications-for-dependabot-alerts
---
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
index f973dc63f2..8b365c27e8 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
@@ -51,3 +51,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
{% endif %}
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_secret_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
index 7579165d9a..b1d7ced985 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
@@ -70,7 +70,8 @@ You can also choose whether or not you want to include {% data variables.product
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
- * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+ * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+ * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
@@ -110,7 +111,8 @@ You can also choose whether or not you want to include {% data variables.product
> When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
- * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+ * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+ * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
diff --git a/content/code-security/security-overview/index.md b/content/code-security/security-overview/index.md
index a43bb2c8b4..f90ce3e7af 100644
--- a/content/code-security/security-overview/index.md
+++ b/content/code-security/security-overview/index.md
@@ -24,4 +24,5 @@ children:
- /viewing-metrics-for-secret-scanning-push-protection
- /viewing-metrics-for-pull-request-alerts
- /reviewing-requests-to-bypass-push-protection
+ - /review-alert-dismissal-requests
---
diff --git a/content/code-security/security-overview/review-alert-dismissal-requests.md b/content/code-security/security-overview/review-alert-dismissal-requests.md
new file mode 100644
index 0000000000..a02f08b0f5
--- /dev/null
+++ b/content/code-security/security-overview/review-alert-dismissal-requests.md
@@ -0,0 +1,43 @@
+---
+title: Reviewing alert dismissal requests
+shortTitle: Review alert dismissal requests
+intro: 'Triage and resolve security alerts in your organization or enterprise by regularly reviewing alert dismissal requests.'
+permissions: '{% data reusables.permissions.security-overview %}'
+product: 'Organizations or enterprises with {% data variables.product.prodname_GHAS_cs_or_sp %}'
+type: how_to
+topics:
+ - Security overview
+ - Organizations
+ - Teams
+ - Secret scanning
+ - Code scanning
+ - Dependabot
+ - Alerts
+versions:
+ feature: security-delegated-alert-dismissal
+---
+
+## Prerequisites
+
+To receive and manage alert dismissal requests, you need to enable delegated alert dismissal. For an introduction to delegated alert dismissal and enablement instructions for specific features, see:
+* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning){% ifversion dependabot-delegated-alert-dismissal %}
+* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
+
+## Reviewing requests for an organization
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.choose-alert-dismissal-request-view %}
+1. Optionally, to filter requests by source repository, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
+{% data reusables.security-overview.review-an-alert-dismissal-request %}
+
+## Reviewing requests across your enterprise
+
+> [!NOTE] To review an alert dismissal request at the enterprise level, you must be an organization owner or security manager for the source organization, or be granted the necessary permissions through a custom role.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+{% data reusables.security-overview.choose-alert-dismissal-request-view %}
+1. Optionally, to filter requests by source organization, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
+{% data reusables.security-overview.review-an-alert-dismissal-request %}
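Review bot: "Reviewing requests for an organization" has no statement of who is allowed to review, whereas the enterprise section opens with a note on exactly that, and the `permissions` front matter points at the generic security-overview reusable rather than at the reviewer roles. Suggest stating the organization-level requirement once (organization owner, security manager, or a custom role with the review permission, as described in delegated-alert-dismissal-intro.md), either in the front matter or in a note above the organization steps. The list under "Prerequisites" also starts directly after "see:" with no blank line, unlike the other lists in this file.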
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
index f301d7a2f0..433ebe1a5f 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
@@ -205,6 +205,10 @@ Some of the features listed below are limited to organizations using {% data var
| {% ifversion security-delegated-alert-dismissal %} |
| Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests (see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)) | ✓ | ✗ | ✗ | ✗ | ✓ |
| {% endif %} |
+| {% ifversion dependabot-delegated-alert-dismissal %} |
+| Review {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | ✓ | ✗ | ✗ | ✗ | ✓ |
+| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | ✓ | ✗ | ✗ | ✗ | ✓ |
+| {% endif %} |
{% endrowheaders %}
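Review bot: the added Dependabot rows use the split "Review ..." and "Bypass ..." permission names, but the code scanning row directly above them still reads "Review and manage code scanning dismissal requests", while delegated-alert-dismissal-intro.md in this same patch now names the code scanning permissions "Review code scanning alert dismissal requests" and "Bypass code scanning alert dismissal requests". Either update the code scanning row in this table to match, or confirm which set of names the UI actually shows, so the table and the intro reusable agree.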
@@ -242,6 +246,10 @@ Some of the features listed below are limited to organizations using {% data var
| {% ifversion security-delegated-alert-dismissal %} |
| Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests | ✓ | ✗ | ✓ |
| {% endif %} |
+| {% ifversion dependabot-delegated-alert-dismissal %} |
+| Review {% data variables.product.prodname_dependabot %} alert dismissal requests | ✓ | ✗ | ✓ |
+| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests | ✓ | ✗ | ✓ |
+| {% endif %} |
| Manage {% data variables.product.prodname_dependabot_security_updates %} (see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)) | ✓ | ✗ | ✓ |
| Manage an organization's SSH certificate authorities (see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)) | ✓ | ✗ | ✗ |
| {% ifversion projects-v1 %} |
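Review bot: the row label "Bypass Dependabot alert dismissal requests" does not say what the permission allows; the intro reusable describes the effect as dismissing alerts directly. Consider a short parenthetical to that effect, and add the "(see [AUTOTITLE](...))" link that the same two rows carry in the first table, so a reader of this table can reach the enablement article too.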
diff --git a/data/features/dependabot-delegated-alert-dismissal.yml b/data/features/dependabot-delegated-alert-dismissal.yml
new file mode 100644
index 0000000000..de7d60e74f
--- /dev/null
+++ b/data/features/dependabot-delegated-alert-dismissal.yml
@@ -0,0 +1,6 @@
+# Reference: #20482
+# Delegated alert dismissal for Dependabot
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '> 3.20'
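Review bot: `ghes: '> 3.20'` excludes 3.20 itself, so the Dependabot content first renders for the release after 3.20. Please confirm that is the release the feature ships in, and use `'>= 3.20'` if it ships in 3.20. A one-line comment stating the intended first release next to the reference would make this easier to check later.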
diff --git a/data/reusables/security-overview/choose-alert-dismissal-request-view.md b/data/reusables/security-overview/choose-alert-dismissal-request-view.md
new file mode 100644
index 0000000000..0c727ccf56
--- /dev/null
+++ b/data/reusables/security-overview/choose-alert-dismissal-request-view.md
@@ -0,0 +1,4 @@
+1. In the "Requests" section of the sidebar, click any of the following options to review alert dismissal requests for the relevant feature:
+ * {% octicon "key" aria-hidden="true" aria-label="key" %} **{% data variables.product.prodname_secret_scanning_caps %} alert dismissal**
+ * {% octicon "codescan" aria-hidden="true" aria-label="codescan" %} **{% data variables.product.prodname_code_scanning_caps %} alert dismissal**{% ifversion dependabot-delegated-alert-dismissal %}
+ * {% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} **{% data variables.product.prodname_dependabot %} alert dismissal**{% endif %}
diff --git a/data/reusables/security-overview/review-an-alert-dismissal-request.md b/data/reusables/security-overview/review-an-alert-dismissal-request.md
new file mode 100644
index 0000000000..d10acf3927
--- /dev/null
+++ b/data/reusables/security-overview/review-an-alert-dismissal-request.md
@@ -0,0 +1,5 @@
+1. Click the request you want to review.
+1. Read the contents of the alert, as well as the requester's reasoning for the dismissal request.
+1. Next to the dismissal request in the alert timeline, click **Review request**.
+1. Provide any comments for the requester in the text box, then select either **Deny request** or **Approve request**.
+1. Click **Submit review**.
diff --git a/data/reusables/security/delegated-alert-dismissal-intro.md b/data/reusables/security/delegated-alert-dismissal-intro.md
index 79b0dcb471..257d6b93e8 100644
--- a/data/reusables/security/delegated-alert-dismissal-intro.md
+++ b/data/reusables/security/delegated-alert-dismissal-intro.md
@@ -1,23 +1,13 @@
-Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled, users attempting to dismiss an alert will instead create a request for dismissal.
+Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled:
+* Users with write access to a repository must request to dismiss alerts in that repository.
+* Organization owners and security managers can approve or deny dismissal requests, as well as dismiss alerts directly themselves.
-Enabling the feature automatically assigns organization owners and security managers with the permission to approve or deny dismissal requests for alerts. This permission is:
+You can also use custom roles with the following permissions to let other team members manage requests and dismiss alerts directly:
-* "Review and manage {% data variables.product.prodname_code_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_code_scanning %}.
+* For {% data variables.product.prodname_code_scanning %}: "Review {% data variables.product.prodname_code_scanning %} alert dismissal requests" and "Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests"
+* For {% data variables.product.prodname_secret_scanning %}: "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests"
+* For {% data variables.product.prodname_dependabot %}: "Review {% data variables.product.prodname_dependabot %} alert dismissal requests" and "Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests"
-* "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_secret_scanning %}. This permission can also be applied to custom roles. Individuals in these custom roles must also have the following permissions, which grant access to alerts in all repositories:
+Reviewers are notified of dismissal requests via email, and can either approve the request to dismiss the alert, or deny the request to leave the alert open. After a request is reviewed, the requester is notified of the outcome via email.
- * "View {% data variables.product.prodname_secret_scanning %} alerts"
- * "Dismiss or reopen {% data variables.product.prodname_secret_scanning %} alerts"
-
-For more information about these permissions, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-roles).
-
-To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
-
->[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage before proceeding.
-
-Reviewers (security managers and organization owners):
-
-* Get an email notification for requests. These users need to ensure that they can review these lists periodically, so that there is no backlog and that the process is smooth.
-* Can process requests in a dedicated view in the "Security" tab of the organization. An alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open.
-
-Requesters will get an email notification with the decision as to whether the alert can be dismissed or not.
+>[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage to review dismissal requests regularly before proceeding.
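Review bot: the added "For {% data variables.product.prodname_dependabot %}: ..." bullet is not wrapped in `{% ifversion dependabot-delegated-alert-dismissal %}`, although every other Dependabot mention in this patch is; because this reusable also describes code scanning and secret scanning, the bullet will render on versions where the Dependabot feature is not available. The rewrite also drops the statement that custom-role members reviewing secret scanning requests need "View secret scanning alerts" and "Dismiss or reopen secret scanning alerts", along with the links to the organization roles and security manager articles; if those prerequisites still apply, keep them, and keep at least the roles link so the permission names quoted here can be looked up.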