
How a top bug bounty researcher got their start in security
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
Today, we’re announcing two major enhancements that help security and developer teams remediate security debt more efficiently. Security campaigns for secret scanning alerts Security campaigns are already generally available for…
CodeQL scans on pull requests for Go, C#, C/C++ and Swift are now incremental. All CodeQL languages now support incremental analysis. This is powered by our new incremental analysis, which…
GitHub is introducing post-quantum secure key exchange methods for SSH access to better protect Git data in transit.
Enterprise admins can now designate a specific contact email for security incident notifications by navigating to Settings > Profile in their enterprise account. This optional field allows for targeted security…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.0, which introduces a new Rust security…
Starting today, developers with write access to repositories in security campaigns will receive email notifications without needing to subscribe to repository activity. Previously, users needed to subscribe to All activity…
You can now choose a Not set option for GitHub Code Security features in your organization’s security configurations. Previously, you could only enable or disable features like code scanning and…
Organizations using GitHub security configurations can now choose to require CodeQL to run on repositories using either default or advanced setup. Previously, if a repository was using advanced setup, you…
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git.
Use these insights to automate software security (where possible) to keep your projects safe.
Stricter requirements are being enforced for application authentication and cross-organization access
We’ve introduced a new Dependabot metrics section in the Security tab, available at the organization level. This update helps application security managers cut through the noise and focus on remediating…
We’ve added a “time to remediate” metric for GitHub CodeQL pull request alerts on the security overview dashboard. Now, you’ll see how quickly your team resolves code scanning vulnerabilities on…
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
CodeQL scans on pull requests for JavaScript, TypeScript, Java, Ruby, and Python are now up to 20% faster. This is powered by our new incremental analysis, which only analyzes new…
In the context of GitHub Actions runners, virtual network (vNet) is an Azure Virtual Network that provides network isolation, enhanced security, and private connectivity for runners deployed in a controlled…
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.