Enhanced security overview dashboard – detection, remediation, and prevention at the forefront

Now, you can view Prevention metrics alongside Detection and Remediation metrics and in an enhanced security overview dashboard. This update is available at both the organization and enterprise levels.

New prevention tab on the security overview dashboard

New to the dashboard, the Prevention insights tab highlights CodeQL pull requests alerts and will soon include secret scanning push protection insights. It’s designed to help you shift from merely responding to vulnerabilities to actively preventing them, the ultimate goal in application security. With this dashboard, you and your team can proactively keep vulnerabilities at bay, successfully blocking threats before they ever reach production.

Deep dive into the CodeQL pull request alerts

For a deeper analysis, the new CodeQL pull request alerts report is also available at both the organization and enterprise levels. This report allows you to:

  • Track historical metrics for CodeQL pull request alerts
  • Monitor code as it progresses from feature branches to the default branch
  • Analyze metrics by CodeQL rule, autofix status, and repository

The enhanced dashboard is now generally available on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.16.

Learn more about pull request alerts and join the discussion within the GitHub Community

Sign-up for OpenAI o1 access on GitHub

You can now join the waitlist for early access to OpenAI o1 for use in GitHub Copilot in Visual Studio Code and GitHub Models. The waitlist is currently available to all Copilot users.

Join the waitlist for access to OpenAI o1 on GitHub.

In Visual Studio Code, you can choose to use o1-preview or o1-mini to power GitHub Copilot Chat in place of the current default model, GPT-4o.

Note: to access this feature, you’ll need to be on VS Code Insiders with the latest pre-release version of the Copilot Chat extension.

Model Picker in Visual Studio Code

In GitHub Models, you can use o1 models both in the playground and via the API. GitHub Models is currently in limited preview and you can sign up for access today.

OpenAI o1 in GitHub Models Playground

Access to these models will roll out progressively while in preview and usage will be rate-limited.

Join the discussion and share feedback with us via Discussions.

See more

Enable secret scanning for non-provider patterns for enterprises with the REST API

GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the enterprise level. This enables you to manage your enterprise settings programatically.

The following endpoints have been updated:
Get code security and analysis features for an enterprise: check if non-provider patterns are enabled for the enterprise
Update code security and analysis features for an enterprise: enable or disable non-provider patterns for all new repositories in an enterprise
Enable or disable a security feature: enable or disable non-provider patterns for all existing repositories in an enterprise

Non-provider patterns scans for token types from generic providers, like private keys, auth headers, and connection strings.

Learn more about secret scanning and non-provider patterns.

See more
View all changes