Dependabot alerts show all affected files for vulnerable function calls (Python Beta)

Dependabot alerts now show all affected files if your repository code calls the known vulnerable functions associated with a dependency's vulnerability. Previously, we highlighted only one of these matches on an alert's detail page; now users can view all affected files.

This feature supports our public beta of exposure detection for Python alerts. After beta testing with Python, we will add support for other ecosystems. Keep an eye on the public roadmap for more information.

For more information, see our product documentation.

Enterprise administrators can now view a quick summary of the members associated with their enterprise on the enterprise account's members page: <enterprise>/people. This new summary section breaks down user counts across roles, licenses, and deployments applicable to your enterprise.

Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now.

  • For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: "your-enterprise"/settings/compliance.
  • For organizations, owners may find these reports under the 'Security' > Authentication Security settings tab of their organization: "your-org"/settings/security.
  • For everyone else, you may download this report at any time by navigating to the GitHub security page.

To learn more about this new report, check out our blog post.

