CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.0, which introduces a new Rust security…
Starting today, developers with write access to repositories in security campaigns will receive email notifications without needing to subscribe to repository activity. Previously, users needed to subscribe to All activity…
You can now choose a Not set option for GitHub Code Security features in your organization’s security configurations. Previously, you could only enable or disable features like code scanning and…
Organizations using GitHub security configurations can now choose to require CodeQL to run on repositories using either default or advanced setup. Previously, if a repository was using advanced setup, you…
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git.
Use these insights to automate software security (where possible) to keep your projects safe.
Stricter requirements are being enforced for application authentication and cross-organization access
We’ve introduced a new Dependabot metrics section in the Security tab, available at the organization level. This update helps application security managers cut through the noise and focus on remediating…
We’ve added a “time to remediate” metric for GitHub CodeQL pull request alerts on the security overview dashboard. Now, you’ll see how quickly your team resolves code scanning vulnerabilities on…
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
CodeQL scans on pull requests for JavaScript, TypeScript, Java, Ruby, and Python are now up to 20% faster. This is powered by our new incremental analysis, which only analyzes new…
In the context of GitHub Actions runners, virtual network (vNet) is an Azure Virtual Network that provides network isolation, enhanced security, and private connectivity for runners deployed in a controlled…
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
Actions Runner Controller (ARC) is a Kubernetes operator that automates the deployment, scaling, and lifecycle management of self-hosted actions runners within a Kubernetes cluster. It enables dynamic provisioning of runners…
For customers affected by ongoing grace periods, GitHub will automatically update the enable for new repositories security configuration setting for customers not opted out. This change helps you avoid unexpected…
GitHub code scanning now offers enhanced security protection for your GitHub Actions workflow files through CodeQL analysis, which is now generally available. This feature enables you to identify and remediate…
Learn how to leverage GitHub Copilot to make your code more secure.
Security should be native to your workflow, not a painful separate process.
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
Security campaigns with Copilot Autofix are now generally available. As part of GitHub Code Security, you can use security campaigns to prioritize and rapidly reduce your backlog of application security…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
