Search results for: Security

You can now assign Dependabot alerts to specific users, helping your team track and remediate dependency vulnerabilities more effectively by assigning clear ownership of alerts. How it works From the…

You can now manage GitHub Code Quality availability separately from Code Security in GitHub Advanced Security policies. This gives you more flexibility to make GitHub Code Quality available across your…

GitHub Enterprise Server (GHES) 3.20 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.20 release: The improved merge experience on the…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve released CodeQL 2.24.2, which adds support for Go 1.26 and…

Dependabot now supports grouping updates by dependency name across multiple directories, making it easier to manage dependency upgrades in repositories with more than one package or service. What’s changed Previously,…

GitHub Code Quality now includes an organization-level dashboard in public preview. It gives organization owners, administrators, and developers a view of code health across repositories where code quality is enabled.…

GitHub Enterprise Cloud with Enterprise Managed Users (EMUs) can now enable the ability for GitHub’s native IP allow list configuration to cover user namespaces. EMUs allow the enterprise to own…

GitHub secret scanning is adding support for extended metadata checks in security configurations. This change makes it substantially easier to enable extended metadata checks at scale. As announced previously, repositories…

Enterprise owners can now use new credential management actions to respond decisively to high-impact security incidents in their GitHub Enterprise Cloud enterprise accounts. These new capabilities are available for enterprise…

The required reviewer rule for repository rulesets is now generally available, giving you granular control over who must approve changes to specific branches and files across your organization or enterprise.…

GitHub Agentic Workflows let you automate repository tasks using AI agents that run within GitHub Actions. Write workflows in plain Markdown instead of complex YAML, and let AI handle intelligent…

Discover GitHub Agentic Workflows, now in technical preview. Build automations using coding agents in GitHub Actions to handle triage, documentation, code quality, and more.

Open source is hitting an “Eternal September.” As contribution friction drops, maintainers are adapting with new trust signals, triage approaches, and community-led solutions.

Two new event types are now available to track changes to Dependabot settings through your organization and enterprise audit logs. Dependabot vulnerability updates toggle logs when someone enables or disables…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.24.1, improving support for Maven private package…

This month, GitHub Actions introduces new capabilities, including custom runner autoscaling, expanded security controls for all users, and early access to new Windows and macOS runner images. GitHub Actions runner…

This January 2026 release brings significant improvements to GitHub Copilot in Visual Studio Code with agent-driven workflows, improvements to agent session management, and the introduction of agent support for Claude…

Claude by Anthropic and OpenAI Codex are now available in public preview on GitHub and VS Code with a Copilot Pro+ or Copilot Enterprise subscription. Here’s what you need to know and how to get started today.

Dependabot can now use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. What’s new With OIDC-based authentication, Dependabot update jobs…