Search results for: Security

Learn how GitHub Copilot’s evolving models and infrastructure center developer choice and power agentic workflows.

Learn how the Secret Protection engineering team collaborated with GitHub Copilot coding agent to expand validity check coverage.

In the latest improvements with Copilot code review, we’ve added a new Copilot code review enterprise and organization setting and Copilot code review is now generally available in Xcode 🎉.…

GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That’s why we’re launching a new free tool which will help…

Releases now support immutability in public preview GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering…

You can now tell Dependabot to completely skip dependency manifests that live in specific subdirectories of your repository. This general availability release reduces noise by preventing unwanted update pull requests…

Secret scanning is adding validity check support for several additional secret types across multiple providers. In addition to previously announced validators, GitHub is adding validity check support for the following…

When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user’s explicit consent. In this blog post, we’ll explain which VS Code features may reduce these risks.

Learn Model Context Protocol by building a turn-based game server that shows how to extend GitHub Copilot with custom tools, resources, and prompts.

See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.

Now generally available, GitHub Secret Protection users have the ability to configure which secret scanning patterns are included in push protection. This customization helps you to better meet your organization’s…

Dependabot can now automatically update your Rust toolchain versions defined in rust-toolchain.toml and rust-toolchain files, helping you keep your Rust projects up-to-date with the latest stable, beta, or nightly releases.…

GitHub Actions is powered by a diverse ecosystem of first-party and community contributed actions. If one of these actions has a vulnerability or is compromised by a malicious actor, it…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.22.2 and 2.22.3, which expand Rust support,…

Discover the latest trends and insights on public software development activity on GitHub with the quarterly release of data for the Innovation Graph, updated through March 2025.

The remote GitHub MCP server now scans all of its tool call inputs in public repositories. If an exposed secret is detected, the call is blocked by default with clear…

Learn how the International Telecommunication Union made the switch to open source, and how you can too!

Secret scanning is adding validity check support for 12 additional token types across 11 providers. In addition to previously announced token types, you will now see validity checks for the…

Dependabot now supports automatic dependency updates for vcpkg, the free C/C++ package manager from Microsoft. This enables teams using vcpkg to keep their C and C++ dependencies secure and up-to-date…

Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture through direct funding, expert guidance, and actionable playbooks.

tl;dr: I am stepping down as GitHub CEO to build my next adventure. GitHub is thriving and has a bright future ahead. The following is the internal post I sent to GitHub employees (Hubbers) this morning announcing my departure.