github
Code scanning alerts can be assigned to individual users [Preview]
Value Prop
We have learned through extensive user feedback that in order to successfully remediate code scanning alerts it's of crucial importance that the work can be tracked and managed alongside other development work. We are adding assignees to code scanning alerts so that developers can more easily take ownership of the alerts they are responsible for and track the work to address the alerts without relying on external tracking systems. Similarly, security managers can track which issues are assigned in order to ensure that most important risks are being addressed and more easily audit alert activity across a single surface
Expected Outcome
Users will be able to plan and track the work required to address high priority code scanning alerts alongside their day-to-day development -- resulting in better engagement with the alerts and improved remediation outcomes.
🚢 This has shipped: https://github.blog/changelog/2025-09-23-accelerate-remediation-with-security-campaigns-and-assignable-alerts-for-code-scanning-and-secret-scanning.
Leaving open to track for GHES release.
