Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
CodeQL is the static analysis engine behind GitHub’s Code Scanning and Code Quality products, which find and remediate issues relating to code quality and security. We’ve recently released CodeQL 2.23.7…
More GitHub Enterprise customers can now start a self-serve GitHub Advanced Security trial to evaluate GitHub Code Security and GitHub Secret Protection. Enterprises that have previously completed a GitHub Advanced…
Dependabot now supports security alerts and updates for uv. When vulnerabilities are detected in your uv dependencies, Dependabot can automatically open security alerts and pull requests to update to secure…
We have enhanced the metrics displayed on the security overview dashboard for CodeQL alerts fixed with Copilot autofixes. This improvement specifically refines how we calculate how much of an autofix…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.6, which adds support for Swift 6.2.1,…
Use partner-built Copilot agents to debug, secure, and automate engineering workflows across your terminal, editor, and github.com.
To help you track and remediate secret scanning alerts more effectively, secret scanning alert assignees and security campaigns are now generally available. What’s new? Notifications: Alert assignees receive email notifications…
Learn more about the agentic security principles that we use to build secure AI products—and how you can apply them to your own agents.
Editor’s note (November 5, 2025): We’ve updated this post to explicitly clarify that the affected tokens are npm tokens. Today marks another milestone in our ongoing effort to strengthen npm’s…
GitHub Copilot coding agent is GitHub’s asynchronous, autonomous developer agent that helps your teams move faster by allowing you to delegate a wide range of tasks to it, including implementing…
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
Today, we’re announcing two major enhancements that help security and developer teams remediate security debt more efficiently. Security campaigns for secret scanning alerts Security campaigns are already generally available for…
CodeQL scans on pull requests for Go, C#, C/C++ and Swift are now incremental. All CodeQL languages now support incremental analysis. This is powered by our new incremental analysis, which…
GitHub is introducing post-quantum secure key exchange methods for SSH access to better protect Git data in transit.
Enterprise admins can now designate a specific contact email for security incident notifications by navigating to Settings > Profile in their enterprise account. This optional field allows for targeted security…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.0, which introduces a new Rust security…
Starting today, developers with write access to repositories in security campaigns will receive email notifications without needing to subscribe to repository activity. Previously, users needed to subscribe to All activity…