Search results for: Security

Editor’s note (April 20, 2026): We updated this post to clarify in preview, VNET failover manual and not automated This month, GitHub Actions adds entrypoint and command overrides for service…

March 2026 brought a major step forward for GitHub Copilot extensibility in Visual Studio, with custom agents, agent skills, and new tools that make the agent smarter and more capable.…

Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.

Dependabot can now detect and update Swift package dependencies in Xcode projects that manage packages through .xcodeproj bundles, even when no Package.swift file is present. This improvement has been one…

GitHub secret scanning continually updates its detectors, validators, and analyzers. Here’s what’s new. Nine new secret detectors from seven providers, including Langchain, Salesforce, and Figma. Secrets from Figma, Google, OpenVSX,…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.25.0, which upgrades Swift analysis to 6.2.4,…

Starting May 1, 2026, the EU data residency region for GitHub Enterprise Cloud on ghe.com will include Azure infrastructure in EFTA (European Free Trade Association) countries—specifically Norway and Switzerland—in addition…

We’ve extended the Credential revocation API to support additional token types, enabling you to programmatically revoke any exposed credentials found on repositories or elsewhere. This helps you quickly limit the…

Reviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew—here’s what changed and what it means for your triage and response.

Hey GitHub Community, We’ve made some important updates to our Privacy Statement and Terms of Service to keep you informed about how we handle your data. Notably, from April 24…

CodeQL scans on pull requests for C#, Java, JavaScript/TypeScript, Python, and Ruby are now incremental, making them faster. Earlier this year, we sped up scans during pull requests with CodeQL…

You can now designate secret scanning push protection exemptions from your repository settings. Previously, exemptions could only be managed from security configurations at the organization and enterprise levels. What are…

Docked panels for the pull request “Files changed” page are rolling out now. They let you review code with key pull request context open side-by-side: overview, comments, merge status, and…

When Copilot coding agent writes code, it automatically runs your project’s tests and linter. It also runs GitHub’s security and quality validation tools, including CodeQL, the GitHub Advisory Database, secret…

To give enterprises the stability they need for internal security and safety reviews, GitHub has established a new commitment with long-term support (LTS) models available for Copilot Business and Copilot…

You can now receive Dependabot alerts when your repositories depend on npm packages with known malicious versions. When you enable malware alerting, Dependabot matches your npm dependencies against malware advisories…

The GitHub MCP Server can now scan your code changes for exposed secrets before you commit or open a pull request. This helps you prevent credential leaks by detecting secrets…

GitHub Enterprise Server (GHES) 3.20 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.20 release: The improved merge experience on the…

Organizations with secret scanning push protection can now designate specific roles, teams, and apps as exempt from push protection enforcement. Exemption status is evaluated at the time of each push.…

See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.

GitHub Code Quality findings on pull requests are now easier to address with bulk actions. You can now apply fixes for Code Quality findings in the Files changed tab by…