New and Updated ISO and CSA STAR Certifications Are Now Available

The 2023 updates to our ISO/IEC 27001:2013 certificate can be downloaded now. In addition, we have completed the processes for ISO/IEC 27701:2019 (PII Processor), ISO/IEC 27018:2019, and CSA STAR certifications. Those certificates can also be downloaded now.

  • For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
  • For organizations, owners may find these reports under Security > Compliance settings tab of their organization: https://github.com/organizations/"your-org"/settings/compliance.

For detailed guidance on accessing these reports, read our compliance documentation for organizations and enterprises.

Check out the GitHub blog for more information.

Dependabot alerts can be enabled at the repository, organization, and enterprise levels in GHES 3.9

With GHES 3.9, you and your organization can better manage your Dependabot alerts thanks to more granular enablement controls. You can now enable Dependabot alerts at the repository, organization, and enterprise level, rather than having to enable Dependabot alerts across an entire enterprise at once.

This release also adds support for “automatically enable for new repositories” at the organization and enterprise levels.

Enterprise admins still need to opt in to Dependabot alerts via GitHub Connect, which approves outbound calls for advisories to sync.

Learn more about changes for GHES 3.9 for Dependabot.

See more

Code scanning with CodeQL supports Swift 5.8

After we released Swift in beta on the 1st June, we are now adding support for long awaited Swift 5.8.1 and Xcode 14.3.1. This release also brings better support for Swift 5.x on Linux, which now supports versions up to and including 5.8.1.

Swift 5.8.1 support is available starting with CodeQL version 2.13.5. Code scanning users on GitHub.com will automatically benefit from the latest CodeQL version, while those on GitHub Enterprise Server can update using these guidelines. Security researchers can set up the CodeQL CLI and VS Code extension by following these instructions.

While our Swift analysis support remains in public beta we welcome your input. If you have any feedback or questions about the Swift beta, consider joining our community in the #codeql-swift-beta channel in the GitHub Security Lab Slack.

See more
View all changes