Search results for: Security

Two new features are available today in npm CLI v11.10.0+: Bulk configuration for OIDC trusted publishing: Maintainers can now add or update trusted publishing configurations across multiple packages in a…

Learn how The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.

Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.

You can now link build artifacts like containers and binaries to GitHub and add storage and deployment context, even if the artifacts live outside GitHub. This helps you get code-to-cloud…

Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.

Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.

CodeQL is the static analysis engine behind GitHub’s Code Scanning and Code Quality products, which find and remediate issues relating to code quality and security. We’ve recently released CodeQL 2.23.7…

More GitHub Enterprise customers can now start a self-serve GitHub Advanced Security trial to evaluate GitHub Code Security and GitHub Secret Protection. Enterprises that have previously completed a GitHub Advanced…

Dependabot now supports security alerts and updates for uv. When vulnerabilities are detected in your uv dependencies, Dependabot can automatically open security alerts and pull requests to update to secure…

We have enhanced the metrics displayed on the security overview dashboard for CodeQL alerts fixed with Copilot autofixes. This improvement specifically refines how we calculate how much of an autofix…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.6, which adds support for Swift 6.2.1,…

Use partner-built Copilot agents to debug, secure, and automate engineering workflows across your terminal, editor, and github.com.

To help you track and remediate secret scanning alerts more effectively, secret scanning alert assignees and security campaigns are now generally available. What’s new? Notifications: Alert assignees receive email notifications…

Learn more about the agentic security principles that we use to build secure AI products—and how you can apply them to your own agents.

Editor’s note (November 5, 2025): We’ve updated this post to explicitly clarify that the affected tokens are npm tokens. Today marks another milestone in our ongoing effort to strengthen npm’s…

GitHub Copilot coding agent is GitHub’s asynchronous, autonomous developer agent that helps your teams move faster by allowing you to delegate a wide range of tasks to it, including implementing…

For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!

For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!

As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…

For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!

Today, we’re announcing two major enhancements that help security and developer teams remediate security debt more efficiently. Security campaigns for secret scanning alerts Security campaigns are already generally available for…