GitHub has a brand new onboarding experience for users creating an account on github.com. From the homepage's vantage point in outer space, we'll guide you to a soft landing and get you started in no time!
Machine translation for Discussions content
🌏 Today we're releasing a new beta feature that allows you to translate GitHub Discussions content into different spoken languages. This initial beta release includes support for Korean, Brazilian Portuguese, and English, and we plan to add support for more languages soon.
This beta feature is now enabled for all users. To try it out, configure your web browser with Korean or Brazilian Portuguese as the default language, then navigate to any GitHub repo that has Discussions enabled. Click the overflow menu beside any discussion comment and you'll see a link to translate it to your preferred language:
To see some popular communities using GitHub Discussions, check out docs.github.com/discussions.
📣 Got feedback?
We'd love to hear what you think of this new feature and how it can be improved. Please join the discussions below to share your feedback.
- Brazilian Portuguese feedback
- Korean feedback
- English feedback
New severity levels for security alerts
We now show `security-severity` levels for CodeQL security alerts in code scanning. `security-severity` levels help you understand in more detail the risks posed by security alerts, allowing you to assess the potential impact of the alerts and make the right decision on which alerts to fix first. The severity level of security alerts can be `critical`, `high`, `medium`, or `low`.
The new `security-severity` levels are displayed on all security alerts. For example, if a PR triggers security alerts, the `security-severity` is visible on the alert annotations under the Files changed tab. You can also see the `security-severity` for each alert present in a repository by clicking Security > Code scanning alerts.
About security severity levels
Security severity levels are displayed on code scanning alerts that are generated by security queries.
CodeQL automatically calculates `security-severity` levels and assigns an exact numerical score to each security query. To calculate the `security-severity` of an alert, we first group all CVEs reported by the CWEs assigned to the security query. We then calculate the 75th percentile of the CVSS score for those CVEs. Finally, we translate numerical scores to `critical`, `high`, `medium`, or `low` using the following definitions:
Severity | Score Range |
---|---|
None | 0.0 |
Low | 0.1 – 3.9 |
Medium | 4.0 – 6.9 |
High | 7.0 – 8.9 |
Critical | 9.0 – 10.0 |
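The three steps above, carried through on constructed data, as an added example written for this page (it is not GitHub's or CodeQL's own code). The CVE records are placeholders, and the percentile uses the nearest-rank definition because the page does not state which percentile method CodeQL uses; the level thresholds are the ones in the table.

```python
import math

# Constructed sample advisory records for this example: (CVE id, CWE id, CVSS base score).
# Placeholder values only, not real advisory data.
SAMPLE_CVES = [
    ("CVE-0000-0001", "CWE-079", 6.1),
    ("CVE-0000-0002", "CWE-079", 5.4),
    ("CVE-0000-0003", "CWE-079", 6.1),
    ("CVE-0000-0004", "CWE-079", 4.8),
    ("CVE-0000-0005", "CWE-079", 7.2),
    ("CVE-0000-0006", "CWE-116", 5.3),
    ("CVE-0000-0007", "CWE-116", 6.5),
    ("CVE-0000-0008", "CWE-089", 9.8),
    ("CVE-0000-0009", "CWE-089", 8.8),
]


def cvss_scores_for_cwes(cwes, cve_records):
    """Step 1: collect the CVSS score of every CVE whose CWE is assigned to the query."""
    wanted = set(cwes)
    return [score for _cve, cwe, score in cve_records if cwe in wanted]


def percentile_75(scores):
    """Step 2: 75th percentile of the collected scores.

    Assumption: nearest-rank percentile (the page does not say which definition
    CodeQL uses; an interpolating definition can give a slightly different value).
    """
    if not scores:
        raise ValueError("no CVEs found for the query's CWEs")
    ordered = sorted(scores)
    rank = math.ceil(0.75 * len(ordered))  # 1-based rank of the 75th percentile
    return ordered[rank - 1]


def security_severity_score(cwes, cve_records=SAMPLE_CVES):
    """Numerical security-severity for a query tagged with the given CWEs."""
    return percentile_75(cvss_scores_for_cwes(cwes, cve_records))


def severity_level(score):
    """Step 3: translate a numerical score into a level using the table from the page."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score < 0.1:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


if __name__ == "__main__":
    # Two hypothetical queries: one tagged with XSS-related CWEs, one with the SQL injection CWE.
    for name, cwes in [("xss-like query", ["CWE-079", "CWE-116"]),
                       ("sqli-like query", ["CWE-089"])]:
        score = security_severity_score(cwes)
        print(f"{name}: security-severity {score} -> {severity_level(score)}")
```

With the constructed records, the XSS-like query lands at 6.5 (`medium`) and the SQL-injection-like query at 9.8 (`critical`); swapping in a different percentile definition is a one-line change in `percentile_75`, which is the only part of the pipeline the page leaves unspecified.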
Defining which `security-severity` levels cause pull request check failure
By default, any code scanning alerts with a `security-severity` of `critical` or `high` will cause pull request check failure. You can specify which `security-severity` level for code scanning results should cause check failure by going to the Security & Analysis tab in the repository settings.
Severity levels for non-security alerts
Severity levels for non-security alerts remain as `error`, `warning`, or `note`. By default, any code scanning results with the severity of `error` will cause check failure. You can change this setting using the dropdown on the Security & Analysis tab in the repository settings. It offers two selections, one that applies to security alerts and one that applies to non-security alerts.
Security severity levels in the code scanning API
You can also access `security_severity_level` data for security queries using the `/alerts` endpoint of the code scanning API.
How to add `security-severity` to a CodeQL query
You can add the expected `security-severity` level to your custom security queries by adding the numerical score to the `@security-severity` query metadata property in the .ql file.
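As an added example (not GitHub's or CodeQL's own code) tying the query metadata to the check-failure settings described above: a small parser reads the `@security-severity` and `@problem.severity` values from the leading metadata comment of a .ql file, and a gating function applies the two thresholds from the repository settings (defaults `high` for security alerts, `error` for non-security alerts). Both query headers are constructed for this example; the assumption that an alert counts as a security alert when its query carries `@security-severity` is mine, not the page's.

```python
import re

# Constructed CodeQL query header (not a real query from the CodeQL repository).
# The keys follow CodeQL's query metadata conventions; the values are placeholders.
SAMPLE_SECURITY_QUERY = """\
/**
 * @name Reflected cross-site scripting (constructed example)
 * @description Writing user-controlled input straight into an HTTP response.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 6.1
 * @precision high
 * @id example/reflected-xss
 * @tags security
 *       external/cwe/cwe-079
 */

import javascript
"""

# Constructed non-security query header: no @security-severity, only @problem.severity.
SAMPLE_QUALITY_QUERY = """\
/**
 * @name Unused variable (constructed example)
 * @kind problem
 * @problem.severity warning
 * @id example/unused-variable
 * @tags maintainability
 */

import javascript
"""

SECURITY_LEVELS = ["none", "low", "medium", "high", "critical"]
NON_SECURITY_LEVELS = ["note", "warning", "error"]


def parse_query_metadata(ql_source):
    """Read the @key value pairs from the leading /** ... */ comment of a .ql file.

    A line without an @key (such as the second @tags line) continues the previous key.
    """
    header = re.search(r"/\*\*(.*?)\*/", ql_source, re.S)
    if header is None:
        raise ValueError("query has no metadata comment")
    meta, last_key = {}, None
    for raw in header.group(1).splitlines():
        line = re.sub(r"^\s*\*?\s?", "", raw).rstrip()  # drop the leading " * "
        if not line:
            continue
        m = re.match(r"@([\w.\-]+)\s*(.*)$", line)
        if m:
            last_key, value = m.group(1), m.group(2).strip()
            meta[last_key] = value
        elif last_key is not None:
            meta[last_key] = (meta[last_key] + " " + line.strip()).strip()
    return meta


def security_severity_level(score):
    """Map a numerical @security-severity score to a level using the page's table."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    if score < 0.1:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


def alert_fails_check(meta, security_threshold="high", non_security_threshold="error"):
    """Decide whether an alert from this query should fail the pull request check.

    Defaults mirror the page: security alerts at high or critical fail, non-security
    alerts at error fail. Assumption: a query is a security query when it carries
    @security-severity; otherwise @problem.severity (error/warning/note) applies.
    """
    if "security-severity" in meta:
        level = security_severity_level(float(meta["security-severity"]))
        return SECURITY_LEVELS.index(level) >= SECURITY_LEVELS.index(security_threshold)
    level = meta.get("problem.severity", "note")
    return NON_SECURITY_LEVELS.index(level) >= NON_SECURITY_LEVELS.index(non_security_threshold)


if __name__ == "__main__":
    for source in (SAMPLE_SECURITY_QUERY, SAMPLE_QUALITY_QUERY):
        meta = parse_query_metadata(source)
        print(meta["id"], "fails check with defaults:", alert_fails_check(meta))
```

With the defaults, the constructed XSS query (score 6.1, `medium`) does not fail the check even though its `@problem.severity` is `error`, because the security threshold, not the non-security one, applies to it; lowering the security threshold to `medium` in the settings would make it fail.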
The new `security-severity` levels for security queries have been deployed to GitHub.com. These improvements will also be available in GitHub Enterprise Server 3.2.
Learn more about CodeQL and code scanning by reading the documentation.