![](https://github.blog/wp-content/uploads/2023/10/Security_banner-OG.jpg?resize=400%2C212)
Cybersecurity spotlight on bug bounty researcher @Ammar Askar
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
GitHub Advanced Security is part of GitHub Enterprise Cloud trial
Codespaces Repository Access and Security Setting Removal
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
GitHub Advanced Security only consumes licenses for commits and pushes made after a repository is migrated to GitHub
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
You can now export data from the risk and coverage pages to a comma-separated values (CSV) file. This feature supports exporting repository-specific data based on applied filters. Learn more about…
It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!
Get repository security advisories for your organization via REST API
Request a CVE identifier for your repository security advisory via REST API
pnpm Support for Dependency Graph, Dependabot Alerts, and Dependabot Security Updates
Add collaborators to a draft security advisory with the REST API
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
Update and Show Status of Dependabot Security Updates in API
Security risk and coverage pages are now generally available and replace the enterprise-level overview page
Use GitHub code search to support security research with multi-repostiory variant analysis for CodeQL (beta)
Risk and coverage views on the Code Security tab for enterprises (public beta)
Fix to improve security around creation of pull requests in public repos
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.