New SSH CAs must sign expiring certificates
SSH CAs uploaded to GitHub.com after March 27th, or in GHES 3.13 and beyond, can only sign certificates that expire. They must expire within 366 days of being created. While…
Improved error handling for Dependabot updates for NuGet
Dependabot will now fail gracefully with informative error messages when an unsupported NuGet project type is encountered. If you were using an unsupported project type previously, Dependabot might have failed…
OpenSSF Scorecard info is now available in the Dependency Review Action
Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. We have updated the dependency review action to include information from the…
Code scanning now suggests AI-powered autofixes for CodeQL alerts in pull request (beta)
Code scanning autofix is now available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot, code scanning suggests fixes for Javascript, Typescript, Java, and Python alerts…
Enablement trends for security products (public beta)
You can now monitor enablement trends for all security products within your GitHub organization. This functionality is designed to give you a detailed overview of how your organization is implementing…
Logging SAML SSO and SCIM identity data in audit log events is generally available
Starting today for GitHub Enterprise Cloud and as part of GitHub Enterprise Server version 3.13, enterprise and organization audit log events will include the applicable SAML and SCIM identity data…
Dependabot security updates work with private registries even if target branch is specified
Previously, if you specified your private registry configuration in the dependabot.yml file and also had a configuration block for that ecosystem using the target-branch key, Dependabot security updates wouldn’t utilize…
Dependabot will now pause scheduled jobs after 15 failures
Previously, if Dependabot encountered 30 consecutive failures, it would stop running scheduled jobs until manual intervention via updating the dependency graph or manifest file. Dependabot will now pause scheduled jobs…
Sponsors now supports Polar and Buy Me a Coffee as funding platform options
Sponsors now supports Polar and Buy Me a Coffee as funding platform options. Check out our documentation to learn more about funding files.
Precise code navigation for TypeScript projects
Precise code navigation is now available for all TypeScript repositories. Precise code navigation gives more accurate results by only considering the set of classes, functions, and imported definitions that are…
Authenticate ORCID iD
We’re excited to announce that GitHub is partnering with ORCID. You can now authenticate your ORCID account with your GitHub account, and display your ORCID iD on your public GitHub…
[Public Beta] Bring Your Own Identity Provider to Enterprise Managed Users
New customers of GHEC enterprise managed users (EMUs) can now use the SSO and SCIM providers of their choice, separate from one another, for a more flexible approach to user…
CodeQL 2.16.4: AI-powered autofixes for Java, support for C# 12 & Go 1.22, new queries
CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.4 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…
Secret scanning AI-generated custom patterns (public beta)
Secret scanning now helps you more easily define custom patterns with GitHub Copilot. As of today, you can leverage AI to generate custom patterns without expert knowledge of regular expressions.…
Secret scanning and push protection are enabled by default on new public repositories
All new public repositories owned by personal accounts will now have secret scanning and push protection enabled by default. Pushes to the repository that include known secrets will be blocked…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
