Code scanning: Batch apply security alert suggestions on pull requests
GitHub code scanning alerts on pull requests are now easier to address with bulk actions. You can now apply fixes for code scanning alerts in the Files changed tab by…
The top-level Security tab across repositories, organizations, and enterprises has been renamed to Security & quality on github.com. This change restructures the navigation to colocate code quality findings alongside security…
The CodeQL pull request insights tab in GitHub security overview now reports Copilot Autofix and alert statistics from all protected branches, not just the default branch. This gives you a…
Learn how to secure your projects and keep them safe with GitHub Advanced Security.
A look at GitHub Actions’ 2026 roadmap, outlining how secure defaults, policy controls, and CI/CD observability harden the software supply chain end to end.
On April 21, 2026, we’re deprecating and removing the following fields from the get an organization and update an organization REST API endpoints: advanced_security_enabled_for_new_repositories, dependabot_alerts_enabled_for_new_repositories, dependabot_security_updates_enabled_for_new_repositories, dependency_graph_enabled_for_new_repositories, secret_scanning_enabled_for_new_repositories, secret_scanning_push_protection_enabled_for_new_repositories, secret_scanning_validity_checks_enabled…
CodeQL and AI-powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.
GitHub Advanced Security is now easier to manage in organizations. A new guided experience helps you set up and configure Advanced Security, so you can now edit configurations and repository…
The security manager role can no longer enable or disable GitHub Code Quality for a repository unless they are also an administrator for that repository. Only repository administrators can enable…
GitHub Agentic Workflows are built with isolation, constrained outputs, and comprehensive logging. Learn how our threat model and security architecture help teams run agents safely in GitHub Actions.
GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.
Repository administrators can now lock draft repository security advisories and private vulnerability reports to prevent collaborators from editing advisory content or metadata. When locked, only administrators can make changes; collaborators…
Two new features are available today in npm CLI v11.10.0+: Bulk configuration for OIDC trusted publishing: Maintainers can now add or update trusted publishing configurations across multiple packages in a…
Learn how the GitHub Secure Open Source Fund helped 67 critical AI-stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
You can now link build artifacts like containers and binaries to GitHub and add storage and deployment context, even if the artifacts live outside GitHub. This helps you get code-to-cloud…
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
CodeQL is the static analysis engine behind GitHub’s Code Scanning and Code Quality products, which find and remediate issues relating to code quality and security. We’ve recently released CodeQL 2.23.7…
More GitHub Enterprise customers can now start a self-serve GitHub Advanced Security trial to evaluate GitHub Code Security and GitHub Secret Protection. Enterprises that have previously completed a GitHub Advanced…
Dependabot now supports security alerts and updates for uv. When vulnerabilities are detected in your uv dependencies, Dependabot can automatically open security alerts and pull requests to update to secure…