Skip to content

Track code scanning alerts in GitHub Issues using task lists (beta)

Code scanning alerts now integrate with GitHub Issues task lists to make it easy to prioritize and track your alerts with all your development work.

You can use the task list feature in markdown to track a code scanning alert in an issue. When you add a code scanning alert to a task list in an issue, a "tracked in" pill will show on the corresponding alert page. The code scanning alerts page also shows which alerts are tracked in issues.

You can also create a new issue from a code scanning alert, which automatically adds the code scanning alert to a task list in the new issue.
Demo: tracking code scanning alerts in task lists

This feature has now shipped in beta for all users on GitHub.com.

Learn more about tracking code scanning alerts in Issues using task lists.

Repository invites are now more accessible on GitHub.com

We made three improvements to the repository invite experience, so you can start contributing faster:

  1. You will now see notifications for private repository invites, just as you already do for public repositories.
  2. For pending invites to public repositories, you will now notice a banner on the repository overview, indicating that there is a pending invite.
  3. When you navigate to a private repository you have been invited to, you will now see a prompt to accept the invite instead of a 404 error page.
See more

Meta is now a GitHub secret scanning partner

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of accidentally committed secrets.

We have partnered with Meta to scan for their access tokens and help keep our mutual users secure. Our scan currently covers Facebook user access tokens and page access tokens. These tokens provide permissions to APIs that read, write, or modify the data belonging to a Facebook user or page.

We'll forward access tokens found in public repositories to Meta. Meta will then automatically invalidate tokens that have a valid session and notify app developers.

We continue to welcome new partners for public repo secret scanning. GitHub Advanced Security customers can also scan their private repositories for leaked secrets.

See more
View all changes