NG Solution Team
Cybersecurity

What changes are coming to cloud data retention for closed security alerts?

As of August 25, 2026, GitHub will implement a new data retention policy for closed Dependabot security alerts. This policy defines how long alert data remains accessible and its location, applicable to GitHub.com and GitHub Enterprise Cloud, but not to GitHub Enterprise Server. The policy will be gradually introduced, starting with Dependabot alerts. GitHub ensures that Dependabot alerts are available for the duration of your account. Open alerts remain fully accessible through the UI and API, irrespective of their age. Closed alerts, however, will be fully accessible for two years after closure. Alerts closed for two or more years will transition to archival storage, from which they can be downloaded as a CSV by authorized personnel. Alert data is deleted if the related repository, organization, or account is removed, or if an enterprise agreement terminates. Archived alerts are maintained with full detail for the life of your account to meet regulatory needs and remain in the same region as your other data if you use GitHub Enterprise Cloud with data residency. On August 25, 2026, closed Dependabot alerts older than two years will be moved to archival storage and will not appear in the UI or API. Open alerts and those closed within the last two years will not be affected. Dependabot is the first alert type to adopt this policy, with exact timings for other alert types still being determined. Announcements will be made via the changelog with at least 60 days’ notice before changes take effect. Users are encouraged to query closed Dependabot alerts via the REST API before August 25, review any queries relying on alerts older than two years, and prepare to use the downloadable archive. Engage with the GitHub Community for further discussion.

Related posts

Could a cybersecurity breach impact 3 million Texas hunting and fishing license holders?

Emily Brown

Was the RAF Akrotiri security alert just a test?

David Jones

Has Novo Nordisk Fallen Victim to a Major Cybersecurity Breach?

Emily Brown

This website uses cookies to improve your experience. We assume you agree, but you can opt out if you wish. Accept More Info

Privacy & Cookies Policy