GitHub Security Advisories, which launched in beta earlier this year, are now generally available. And we’ve made some exciting changes based on feedback from maintainers. First, we’ve added the ability to automatically request a CVE identifier for any Security Advisory. We’ve also refined the process of creating and publishing a Security Advisory, so that it’s clearer when the advisory will become public and easier to provide the information needed to power automatic dependency updates via the GitHub Advisory Database.
Scheduled reminders (beta)
Keep your projects moving and merge pull requests faster with scheduled reminders.
Send Slack notifications for pending code reviews to the channel of your choice and avoid missing important reviews. This feature enables teams to focus on the most important code reviews requiring their attention and ensure pull requests do not become stale.
Once you sign up for the beta, scheduled reminders are available for all users who are members of the organization.
Token leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Token Scanning looks for leaked tokens in public repositories and works with the issuer to notify the developer and/or revoke the token as appropriate. This protects users from fraud or data leaks. Starting today, GitHub has partnered with GoCardless, HashiCorp, Postman, and Tencent Cloud to scan for their respective developer tokens.