Skip to content

Get global security advisories via REST API

You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database's free, open source list of actionable security advisories and CVEs which include machine readable mappings to the ecosystem, package name, and affected versions of impacted software.

Learn more about GitHub's global security advisories and the Advisory Database.

GitHub Issues & Projects – July 27th update

Today's Changelog brings you board swimlanes and the ability to create issues in repository groups!

🏊 Board swimlanes

You can now configure swimlanes on your boards by selecting a Group by field from the view configuration menu. This allows you to break up your items by different workstreams, team members, or priorities, similar to groups on tables and roadmaps. Drag and drop your items between columns and groups to quickly make adjustments, or add a new item directly.

swimlane

➕ Create issues in repository groups

You can now create issues when grouped by Repository on the table and roadmap layout. Click Create new issue or start typing the title to get started.

repo_groups

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Questions or suggestions? Join the conversation in the community discussion.

See more

CodeQL updates from the first half of 2023

CodeQL is the analysis engine that powers GitHub code scanning for over 100,000 repositories. We continuously improve our analysis capabilities, language support and performance to help open source developers and enterprises catch vulnerabilities before they make their way into production code. CodeQL is also an instrumental tool for the security researcher community and was used to identify 36 new CVE.

We release updates and improvements for CodeQL on a regular basis. We don’t get to call out all the improvements, but we want to highlight some of the most important updates we’ve shipped for CodeQL in the first half of the year:

  • Shortly before WWDC in June, we added beta support for Swift, which together with Kotlin completes CodeQL’s support for next-generation mobile development.
  • We’ve updated CodeQL to support these new language versions (view all): Swift 5.8.1, C#11 , .NET 7, Kotlin 1.8, Go 1.20, TypeScript 5.0 & 5.1, Ruby 3.2, Java 20.
  • We saw a 16% average performance improvement for CodeQL analyses.
  • We improved CodeQL modelling for popular Ruby libraries (SQLite, MySQL, Rack) and added coverage for more than 5000 API methods in Java, increasing analysis coverage and reducing false negatives.
  • We released a new mechanism called default setup, to configure CodeQL at the repo and the organization level.
  • We added 4 new memory-corruption queries for C/C++, 6 new queries for Java, 1 for Python and adjusted over 100 queries across all languages.
  • We started showing actionable information on the tool status page.
  • Enabled scanning Python repositories without installing dependencies.
  • We made the release process faster, 1 week, and optimised the roll-out strategy to get you on the latest release as quick as possible, benefiting from the latest updates in CodeQL.
  • Deprecated CodeQL Action v1 and enabled Dependabot to automatically move you to a newer version.

These features have been shipped across multiple versions of CodeQL from 2.12.0 up to 2.14.0, which are shipped with GHES 3.9 and upcoming 3.10. All users of CodeQL code scanning on GitHub.com automatically benefit from the latest improvements.

See more
View all changes