Enable or disable vulnerability alerts for a repository

Previously, you could only enable or disable repository vulnerability alerts by checking a box in a repository's settings. We understand that having to do this for a large amount of repositories is not an optimal user experience. We've heard your feedback and are pleased to announce that we have released a new set of endpoints to manage the vulnerability alerts setting for your repositories.

To access the new endpoints, you must provide a custom media type in the Accept header:


The first endpoint allows you to enable the vulnerability alerts setting:

PUT /repos/:owner/:repo/vulnerability-alerts

And the second endpoint allows you to disable the vulnerability alerts setting:

DELETE /repos/:owner/:repo/vulnerability-alerts

During the preview period, we may change aspects of these APIs based on developer feedback. If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.

If you have any questions or feedback, please let us know!

[Updated 06-10-19] You can also check whether repository alerts are enabled or disabled for a repository using a new endpoint.

  GET /repos/:owner/:repo/vulnerability-alerts