Search results for: Security

If your organization hosts dependencies in private or internal GitHub repositories, you can give Dependabot access to the host repository, allowing Dependabot to update the dependency version. GitHub Advanced Security…

DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.

We’ll decode these two tools—and show you how to use them both to work more efficiently.

Sharpen your skills, test out new tools, and connect with people who build like you.

Get insights on the latest trends from GitHub experts while catching up on these exciting new projects.

Starting May 30, 2025, CodeQL no longer generates code scanning alerts for hardcoded secrets. If you want to detect hardcoded secrets in your repositories, we recommend using secret scanning, which…

Enhancements to Copilot code reviews: personal settings, improved comment quality, and expanded language support.

Dependabot is now generally available for execution on self-hosted GitHub Actions runners managed within Kubernetes clusters using the Actions Runner Controller (ARC). This setup provides auto-scaling, workload isolation, and improved…

Projects that use Gradle need to include dependencies that are resolved at build time in order to get a full, transitive dependency tree. To make this easier, dependency auto-submission now…

Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.

In this post, I’ll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released version 2.21.3 of CodeQL. Here’s what’s new and…

GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, helping ensure your repositories have comprehensive detection for different secret types. The…

Implementing features has never been easier: Just assign a task or issue to Copilot. It runs in the background with GitHub Actions and submits its work as a pull request.

We’ve released the public preview of GitHub Copilot app modernization for Java—an AI-powered solution designed to simplify and accelerate Java upgrades and cloud migrations. By combining the intelligence of GitHub…

This update to the commit details page enhances accessibility, building on valuable feedback from the community, and also improves security and performance. Inline comments are now visible by default Inline…

GitHub Enterprise Server (GHES) 3.17 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.17 release: GitHub Advanced Security (GHAS) is now…

You can now disable the dependency graph for public repositories. This gives you more control over your repository’s data and security features. The dependency graph powers features like SBOMs, dependency…

Self-hosted runner network communication requirements GitHub has introduced fully qualified and wildcard domains into a new actions_inbound section within the meta API. This enhancement provides customers with a streamlined way…

CodeQL is the static analysis engine behind GitHub code scanning, which identifies and remediates security issues in your code. We’ve recently released CodeQL 2.21.2, which now supports Swift 6.1. With…

GitHub takes the Global Accessibility Awareness Day (GAAD) pledge.