For customers of GitHub Advanced Security running LGTM Enterprise, we have released LGTM Enterprise v1.26.0. This release is recommended for all LGTM Enterprise customers and includes several bug fixes, as well as the latest version of the CodeQL CLI and the most up-to-date queries. For more information, check the CodeQL CLI Changelog.
GitHub Advanced Security can now be enabled/disabled at the repository or organization level
GitHub Advanced Security is an add-on to GitHub Enterprise which allows you to use security features like code scanning, secret scanning, and dependency review on your private repositories. To help administrators configure these features, the repository and organization settings now include controls on the use of GitHub Advanced Security features on private repositories.
Public repositories are unaffected and can access GitHub Advanced Security features by default.
Learn more about enabling Advanced Security features on GitHub.com
Dependabot version updates now support
- Kotlin manifest files like
.gradle.kts(gradle) - PHP using the latest
composer v2(composer)
These are possible thanks to community contributions to Dependabot. If you’d like to contribute an improvement to Dependabot’s support for an existing ecosystem, check out Dependabot’s contributing guidelines. At this time, we’re taking a short break from accepting new ecosystem additions in order to update support for existing ecosystems.
To enable version updates and add support for these package managers, check in a dependabot.yml file with the specified package-ecosystem.