Value Prop
Dependabot can now generate security alerts for artifacts (containers, packages, executables) and for dependencies on non-default branches. Teams upload a software bill of materials (SBOM) for the artifact or branch to GitHub's snapshot service and flag that snapshot as alert-worthy; Dependabot then monitors every released artifact and long-running branch continuously, not just the default branch. This closes a critical blind spot: a pinned dependency version in a production service or shipped product can be hit by a newly published advisory long after the default branch has moved past it, and until now nothing would alert on it.
Expected Outcome
Non-default branch alerting is the most highly requested Dependabot feature in customer feedback. With this release, customers are alerted when a newly disclosed vulnerability affects any released artifact or long-lived branch, so the software they ship and operate stays covered even after the repository has moved on. Coverage depends on the uploaded SBOM staying current and on the affected package being tracked in the GitHub Advisory Database, so release pipelines should submit a fresh SBOM for every build they flag. We expect this to significantly reduce unpatched exposure windows, strengthen end-to-end supply chain security, and reinforce GitHub as the trusted platform for securing the entire software delivery pipeline.