You can now use the "security extended" query suite in code scanning default setup with CodeQL
GitHub Blog Search
Search Results for: Security
Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started.
On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
Multi-repository variant analysis lets you scale security research across thousands of repositories, giving you a powerful tool to find and respond to newly discovered vulnerabilities.
Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time.
Security advisories now have multiple types of credits
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform's authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.
Code scanning default setup on the security coverage page
Security overview's team filter now includes repositories with write privileges
Code security enablement settings on the list organization repositories REST API
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.
Improvements to GitHub Advanced Security billing pages
Organization-level security risk and coverage pages replace overview page
Incremental improvements on security advisory form
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages
Dependabot security updates now supports GitHub Actions
Feature enablement from the organization-level security coverage page