Search results for: Security

The Dependabot Proxy is now available as open source under the MIT license. What’s new You can now: Review the source code to see how authentication works for various package…

On February 9th, 2026, Docker and Docker Compose will be updated on all Windows and Ubuntu runner images except ubuntu-slim. This update allows you to take advantage of the latest…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.24.0, which adds support for new language…

Read GitHub’s position on the European Open Digital Ecosystem Strategy and learn how to participate.

GitHub Copilot CLI continues to push the boundaries of agentic AI assistance in your terminal. This week brings powerful new reasoning models, intelligent workflow features that let you steer conversations…

Run tests, fix code, and get support—right in your workflow. Stay focused and let Copilot handle the busywork.

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.9. There are no user-facing changes to…

Learn how I managed context to keep Copilot focused, used the Plan agent to sharpen vague requirements, and required Test Driven Development practices to catch bugs before users.

GitHub secret scanning is adding support for extended metadata checks in security configurations, starting February 18, 2026. Extended metadata checks are a nested feature under validity checks. If you’ve already…

Copilot’s cross-agent memory system lets agents learn and improve across your development workflow, starting with coding agent, CLI, and code review.

AI is designed to help you do what you love most, not replace your expertise. Discover how developer feedback and real-world experience are shaping AI coding tools that keep you in control.

GitHub has introduced a new artifact_metadata permission to give you more precise control over API access to artifact-related metadata. This permission replaces the broader contents:read and contents:write permissions for the…

Today we’ve released an update to the consent page to be less alarming when using GitHub Apps only as a form of sign-in. The consent page for GitHub Apps, where…

Organizations now have more granular control over who can request GitHub Apps and OAuth apps. This enhancement helps you implement stricter governance policies while maintaining flexibility for your security posture.…

Learn how custom instructions, reusable prompts, and custom agents help GitHub Copilot deliver more accurate results.

Explore the GitHub Blog’s top posts covering the biggest software development topics of the year.

Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.

From Appwrite to Zulip, Universe 2025’s Open Source Zone was stacked with standout projects showing just how far open source can go. Meet the maintainers—and if you want to join them in 2026, you can now apply for next year’s cohort.

Organizations now have more granular control over who can request GitHub Apps and OAuth apps. This enhancement helps you implement stricter governance policies while maintaining flexibility for your security posture.…

Delegated alert dismissal allows you to require a review process before Dependabot alerts are closed. This feature is available to GitHub Code Security customers and can be used in both…

GitHub Enterprise Cloud with data residency in Japan is now generally available, allowing GitHub Enterprise Cloud customers greater flexibility in choosing where their code and repository data are stored. This…