Why aren't Code Scanning alerts included in Security Alert Notifications?

[gf13579]

Watching Repos for Security Alerts

When you subscribe to Security Alert notifications for a repo you're notified of new vulnerable dependency alerts and - I believe - Secret Scanning alerts, but not Code Scanning alerts. Why not include Code Scanning alerts?

Suggestions

Surely Code Scanning alerts are just as relevant to someone explicitly choosing to opt into notifications for Security Alerts?

Related - it would great to be able to opt into these notifications at an Organization or Enterprise level rather than only have the WebHook mechanism for being alerted to new Code Scanning alerts. Having to opt-in to Security Notifications on a per-repo basis is painful.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[greg-ford-wcq]

From the documentation:

You can choose to subscribe to notifications for:

- A conversation in a specific issue, pull request, or gist
- All activity in a repository
- CI activity, such as the status of workflows in repositories set up with GitHub Actions
- Repository issues, pull requests, releases, security alerts, or discussions (if enabled)

Why would 'security alerts' not include Code Scanning alerts?

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[gf13579]

Thank you for helping bring this Discussion to a resolution

There is no resolution. The lack of attention these discussions get from GitHub is frustrating

[MasterInQuestion]

    The stupid Spambot...
    https://github.com/orgs/community/discussions/70478#discussioncomment-10280678

    Maybe it wants you mark it as answer?