New advanced filters for code security configurations

When reviewing code security configurations, you can now more easily filter repositories with new filter options.

The new filters allow you to sort repositories based on the status of specific features or GHAS itself:

  • advanced-security:enabled
  • dependabot-alerts:enabled
  • dependabot-security-updates:enabled
  • code-scanning-alerts:enabled
  • code-scanning-default-setup:enabled
  • code-scanning-pull-request-alerts:enabled
  • secret-scanning-alerts:enabled
  • secret-scanning-push-protection:enabled

Note that :disabled also works for each of the filters above to achieve the inverse.

Additionally, you can filter based on whether or not a repository is eligible for code scanning default setup:
– code-scanning-default-setup:eligible
– code-scanning-default-setup:not-eligible

These filters are available for organizations with GitHub Advanced Security (GHAS) enabled, and are only available in the UI at this time.

Learn more about code security configurations and send us your feedback.

Now available for free on all public repositories: Copilot Autofix for CodeQL code scanning alerts

Now you can remediate existing security issues in your public repositories faster with Copilot Autofix for CodeQL alerts. Following our general availability release for all Advanced Security customers, Copilot Autofix for CodeQL alerts is now generally available (GA) for all public repositories, for free.

Powered by GitHub Copilot, this feature provides automatic fixes for vulnerabilities found by CodeQL, both on pull requests and for historical alerts that already exist in a codebase.

Importantly, you stay in full control of your codebase: Copilot Autofix will try and suggest fixes for CodeQL alerts in pull requests, but it’s ultimately up to you to decide whether you wish to accept Copilot’s suggestion wholly, partially, or not at all. The same applies to historical alerts in a codebase: you can request an autofix from Copilot, then review it, and decide whether you want to open a PR with the fix suggestion or commit straight to the affected branch (or neither).

Example of Copilot Autofix generation on the alert page

Copilot Autofix is available for all public repositories that use code scanning CodeQL, and is enabled by default for alerts on PRs. It does not generate additional notifications. If you would like to enable Copilot Autofix on your organization’s private repositories, please have a look at this blog post where we announce Autofix for GitHub Advanced Security.

For more information, see: About Copilot Autofix for CodeQL code scanning. If you have feedback for Copilot Autofix for code scanning, please join the discussion here.

See more

Manage secret scanning bypass requests at the organization level

GitHub Advanced Security customers that have enabled delegated bypass rules for push protection can now manage and review their bypass requests at the organization level. The list is located within the Security tab of your organization.

To view and manage requests from this list, you must either be an organization owner, security manager, or have the fine-grained permission to review and manage push protection bypass requests within your organization.

Learn more about secret scanning or delegated bypass. If you have feedback, we would love for you to join the discussion within GitHub Community.

See more
View all changes