GitHub Blog Search
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
You can now export data from the risk and coverage pages to a comma-separated values (CSV) file. This feature supports exporting repository-specific data based on applied filters. Learn more about…
It was another record year for our Security Bug Bounty program! We're excited to highlight some achievements we’ve made together with the bounty community in 2022!
Get repository security advisories for your organization via REST API
Request a CVE identifier for your repository security advisory via REST API
pnpm Support for Dependency Graph, Dependabot Alerts, and Dependabot Security Updates
Add collaborators to a draft security advisory with the REST API
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
Update and Show Status of Dependabot Security Updates in API
Security risk and coverage pages are now generally available and replace the enterprise-level overview page
Use GitHub code search to support security research with multi-repostiory variant analysis for CodeQL (beta)
Risk and coverage views on the Code Security tab for enterprises (public beta)
Fix to improve security around creation of pull requests in public repos
GitHub Advanced Security trial now available on GitHub Enterprise Cloud
Security enhancements to required approvals on pull requests
We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.
Secret scanning's push protection now generally available for GitHub Advanced Security