Skip to content

Passkeys Public Beta

Passkeys are a replacement for passwords when signing in, providing higher security, ease-of-use, and loss-protection. They're now available on GitHub.com as a public beta – see this blog post for more information.

This public beta is open to all users with a password, regardless of whether you use 2FA. To get started, enable passkeys as a feature preview.

By using passkeys, you no longer need to enter a password, or even your username, when you sign in – nor do you need to perform 2FA, if you have 2FA enabled on your account. That's because passkeys validate your identity, as well as possession of a device, so they count as two authentication factors in one.

Once enrolled, you can register a brand new passkey and upgrade many security keys to a passkey. If you're enrolled in the preview, the next time you use an eligible security key you'll be asked to upgrade it.
Screenshot of the security key upgrade prompt, asking the user if they'd like to upgrade a security key called 'fingerprint' to a passkey.

To learn more, check out this blog post about passkeys, as well as "About passkeys" in our documentation. If you have any feedback, please drop us a note in our public discussion – we're excited for this advance in account security, and would love to understand how we can make it better for you.

Code scanning with CodeQL no longer installs Python dependencies automatically for new users

When analyzing a Python project with code scanning using CodeQL through advanced setup, we would try to automatically install dependencies for the project. Over the past months and years, we’ve made significant improvements to the Python analysis, which means CodeQL no longer needs to fetch these dependencies in order to analyze a codebase.

Therefore, starting now, we have disabled automatic dependency installation for new users of CodeQL for Python. This should improve scan times for Python projects, while having minimal impact on results. Code scanning users that have already set up CodeQL to scan at least one Python project will not see any changes to newly configured repos: the new behaviour only applies to those with no prior Python projects set up. We encourage existing users that configured code scanning with CodeQL via advanced setup to disable dependency installation by setting setup-python-dependencies: false as described in documentation.

Users of GitHub Enterprise Server (GHES) will benefit from this change starting version 3.11. We plan to deprecate all dependency installation (including for existing users) by the end of 2023.

See more

Update and Show Status of Dependabot Security Updates in API

You will now be able to see whether Dependabot security updates are enabled or disabled in the security and analysis block within the repository information you can fetch from the REST API, and enable or disable them via API requests.

For more information, you can check out our repository API documentation.

See more
View all changes