What’s coming to our GitHub Actions 2026 security roadmap
A look at GitHub Actions’ 2026 roadmap, outlining how secure defaults, policy controls, and CI/CD observability harden the software supply chain end to end.
On April 21, 2026, we’re deprecating and removing the following fields from the get an organization and update an organization REST API endpoints: advanced_security_enabled_for_new_repositories, dependabot_alerts_enabled_for_new_repositories, dependabot_security_updates_enabled_for_new_repositories, dependency_graph_enabled_for_new_repositories, secret_scanning_enabled_for_new_repositories, secret_scanning_push_protection_enabled_for_new_repositories, secret_scanning_validity_checks_enabled…
CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.
GitHub Advanced Security is now easier to manage in organizations. A new guided experience helps you set up and configure Advanced Security, so you can now edit configurations and repository…
The security manager role can no longer enable or disable GitHub Code Quality for a repository unless they are also an administrator for that repository. Only repository administrators can enable…
GitHub Agentic Workflows are built with isolation, constrained outputs, and comprehensive logging. Learn how our threat model and security architecture help teams run agents safely in GitHub Actions.
GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.
Repository administrators can now lock draft repository security advisories and private vulnerability reports to prevent collaborators from editing advisory content or metadata. When locked, only administrators can make changes; collaborators…
Two new features are available today in npm CLI v11.10.0+: Bulk configuration for OIDC trusted publishing: Maintainers can now add or update trusted publishing configurations across multiple packages in a…
Learn how The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
You can now link build artifacts like containers and binaries to GitHub and add storage and deployment context, even if the artifacts live outside GitHub. This helps you get code-to-cloud…
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
CodeQL is the static analysis engine behind GitHub’s Code Scanning and Code Quality products, which find and remediate issues relating to code quality and security. We’ve recently released CodeQL 2.23.7…
More GitHub Enterprise customers can now start a self-serve GitHub Advanced Security trial to evaluate GitHub Code Security and GitHub Secret Protection. Enterprises that have previously completed a GitHub Advanced…
Dependabot now supports security alerts and updates for uv. When vulnerabilities are detected in your uv dependencies, Dependabot can automatically open security alerts and pull requests to update to secure…
We have enhanced the metrics displayed on the security overview dashboard for CodeQL alerts fixed with Copilot autofixes. This improvement specifically refines how we calculate how much of an autofix…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.6, which adds support for Swift 6.2.1,…
Use partner-built Copilot agents to debug, secure, and automate engineering workflows across your terminal, editor, and github.com.
To help you track and remediate secret scanning alerts more effectively, secret scanning alert assignees and security campaigns are now generally available. What’s new? Notifications: Alert assignees receive email notifications…