Software security is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.

Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to the GitHub family.

The dependency graph is rolling out for all PHP repositories with Composer dependencies. In addition to Composer, GitHub supports package managers for many other programming languages, including Maven, NPM, Yarn, and Nuget.  

Our help documentation, covering topics from GitHub.com, GitHub Enterprise, GitHub Desktop, and GitHub Pages is now available in Spanish.

Easily understand why your GitHub Pages build failed. Pages is now a GitHub App–so you can view the status of your builds with the Checks interface.

We’ve introduced the ability to proxy packages from the npm registry through GitHub Package Registry for easier configuration and consolidation. Read more about the change and opt in to try it out.

GitHub Sponsors now features a new streamlined onboarding and payment experience with Stripe Connect.

GitHub Enterprise Cloud recently finished a security audit with the release of SOC 1 and 2 Type 2 reports.

The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.

Token scanning has reached a new milestone: one billion tokens identified. We’ve also added five new partners—Atlassian, Dropbox, Discord, Proctorio, and Pulumi.