Search results for: Security

GitHub secret scanning continually adds support for new secret types. The following updates were made during the month of November. New provider patterns: Secret scanning added 24 new secret types…

We released three major updates to Copilot Spaces: public spaces, individual sharing, and the ability to add files to a space directly from the github.com code viewer. 👥 Public spaces…

Organization owners can now better control which users are allowed to install GitHub Apps across their repositories with a new setting. Previously, any user with admin permissions on a repository—including…

Run multiple Copilot agents from one place. Learn prompt techniques, how to spot drift early, and how to review agent work efficiently.

Starting today, GitHub will report any publicly leaked secrets found in unlisted GitHub gists to the respective secret scanning partner. GitHub gists can be listed (denoted with a public label)…

GitHub code scanning default setup now runs even if your organization has GitHub Actions policies that restrict which workflows can run. In the past, restrictive actions policies could block code…

Dependabot update jobs can now target specific self-hosted and larger GitHub-hosted Actions runners using custom labels. Previously, Dependabot required the single dependabot label. This change gives you finer control, improves…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.5, introducing three new Java security queries…

Learn how to write effective agents.md files for GitHub Copilot with practical tips, real examples, and templates from analyzing 2,500+ repositories.

We’ve introduced enhanced authentication capabilities in GitHub Copilot plugins for JetBrains, Eclipse, and Xcode to support more third-party OAuth providers with a secure and flexible approach using Dynamic Client Registration…

GitHub now makes it easier for teams to track, prioritize, and remediate security risks that matter by connecting code, build artifacts, and production context. Here’s what’s shipped and how you…

Enterprise and organization administrators can now configure MCP registries and enforce allowlist policies in the latest release of VS Code Stable, bringing these governance controls to the majority of Copilot…

Starting December 1, 2025, all usage-based GitHub products paid by credit card on self-serve metered GitHub Enterprise Cloud accounts will be billed on the first of each month. Your billing…

The open source Git project just released Git 2.52. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.

Organization owners can now better control which users are allowed to install GitHub Apps across their repositories with a new setting, available in public preview. Previously, any user with admin…

Discover practical tips, examples, and best practices for writing effective instructions files. Whether you’re new or experienced, you’ll find something to level up your code reviews.

GitHub Actions OpenID Connect (OIDC) token claims now include check_run_id This enhancement enables fine-grained, attribute-based access control and improves auditability for workflows that integrate with external services. Platform teams often…

To reduce the risk of cryptographic credentials being exposed in your repositories, secret scanning now detects additional private key formats and has upgraded existing private key detectors. In addition, Sentry…

A breakdown of how Copilot coding agent has contributed to a better, more powerful GitHub.

GitHub is updating how GitHub Actions’ pull_request_target and environment branch protection rules are evaluated for pull-request-related events. These changes will take effect on 12/8/2025. They aim to reduce security critical…

Nearly a billion commits later, the way we ship code has changed for good. Here’s what the 2025 Octoverse data says about how devs really work now.