How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
You can now more easily filter secret scanning alerts, with new filter options and advanced filtering. Enterprise and organization level list views now include a new menu with commonly used…
We’re excited to announce that persistent commit signature verification is now generally available! This powerful feature ensures that commit signatures are verified once at the time of the push and…
GitHub Enterprise Server 3.15 is now generally available GitHub Enterprise Server 3.15 is now available for download. Some key features & highlights you can find in this release include: Updated…
Audit logs play a critical role in keeping enterprises secure and auditing enterprise activity for compliance. Since becoming generally available in January 2022, audit log streaming has been used by…
We’re excited to introduce persistent commit signature verification, a powerful new feature designed to elevate the security and reliability of your repository’s commit history. Starting today, GitHub verifies commit signatures…
The GitHub Enterprise Server 3.15 release candidate is here You can now download the GitHub Enterprise Server 3.15 release candidate to try out the new features in this latest version.…
You can now view exact locations of known public leaks for a secret scanning alert, as well as any repositories with duplicate alerts across your enterprise. Public leak and duplicate…
You can now apply code security configurations to archived repositories. This makes it simpler to roll out configurations without having to filter for archived repos, and ensures features like Dependabot,…
Starting today, existing GitHub Enterprise customers will begin to transition to the enhanced billing platform. What is the enhanced billing platform? The enhanced billing platform is a suite of new…
To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak…
Over the next six months, we will be making the following changes and deprecations to the GitHub Actions service: Reduction to Webhook rate limit in GitHub Actions Starting October 1st,…
You can now add repository permissions to custom organization roles, granting a specific level of access to all the repositories in your organization. This builds on the release of organization-wide…
We’re excited to bring an updated repository list view experience and the ruleset merge queue rule to general availability, as well as an update to the status check and workflow…
Organization owners and security managers can now filter the table of repositories on the code security configurations settings page by configuration attachment failure reason. This is useful when you’ve attempted…
Code security configurations are now generally available (GA)! Code security configurations simplify the rollout of GitHub security products at scale. They help you define collections of security settings and apply…
When rolling out code scanning default setup at scale (e.g., via code security configurations), GitHub checks if an advanced CodeQL setup already exists for each repository. If an advanced setup…
Editor’s note (October 30, 2025): Updated this post to include information for the GitHub CLI timeline. Today, we are announcing the sunset of GitHub Projects (classic), which will follow individual…
The code scanning option for repository rules is now available in public beta. Code scanning users can now create a dedicated code scanning rule to block pull request merges, instead…
Starting January 30th, 2025, GitHub Actions customers will no longer be able to use v3 of actions/upload-artifact or actions/download-artifact. Customers should update workflows to begin using v4 of the artifact…
As a proactive measure to protect Github.com availability, GitHub Apps that attempt to create high-complexity scoped installation tokens will receive failures if they would individually reference too many repositories. At…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.