Level up monitoring and reporting for your enterprise
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.
API requests are available via audit log streaming - Public Beta
You can now filter by repository topic or team on the organization-level Dependabot, code scanning, and secret scanning pages in security overview. These improvements have shipped to GitHub.com and will…
Secret scanning now shows metrics for custom patterns
Learn more about static analysis and how to use it for security research! In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
These changes will improve the experience for custom query authors and enable better precision in some of our standard queries. Learn how to enable them for your custom queries.
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
Learn how GitHub’s one, integrated platform, powered by AI and secure at every step, helps developer teams be more productive, collaborative, and efficient.
Code scanning shows the health of tools enabled on a repository
Dependency graph GraphQL API preview includes submitted dependencies
GitHub Actions: SBOMs are now attached to hosted runner image releases for macOS
At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.
Fixed bug that allowed private issues and pull request titles to be shown in search results
Writing secure code is as much of an art as writing functional code, and it is the only way to write quality code. Learn how our Secure Code Game can provide you with hands-on training to spot and fix security issues in your code so that you can build a secure code mindset.
Code scanning API to enable default setup with CodeQL on a repository
Enable code scanning default setup with CodeQL at the organization level (public beta)
Secret scanning changes to how you opt in to notifications
Code scanning shows more accurate and relevant alerts on pull requests
We’re looking forward to working with policymakers to improve cybersecurity and support developers.