Automated security updates (formerly Dependabot and automated security fixes) are now generally available in all public repositories on GitHub. After a popular debut at Satellite 2019, more than 3.5 million active repositories have the feature enabled and receive automated pull requests that update them to the nearest non-vulnerable dependency versions. Thanks to all of our beta testers and Dependabot users for your feedback and support.
Token leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Token Scanning looks for leaked tokens in public repositories and works with the issuer to notify the developer and/or revoke the token as appropriate. This protects users from fraud or data leaks. Starting today, GitHub has partnered with GoCardless, HashiCorp, Postman, and Tencent Cloud to scan for their respective developer tokens.
Learn more about token scanning
Partnering with GitHub on token scanning