Search results for: Security

Learn how to streamline your development workflow with five different MCP use cases.

GitHub code scanning customers can now require a review process before dismissing alerts, helping you manage security risks as well as meet audit and compliance requirements. What’s new Provide a…

You can now manage artifact attestations more effectively with new updates to the UI and API, including deletion, filtering, and bulk actions. Here’s what’s new: Delete attestations: Easily delete artifact…

Dependency auto-submission now supports the .NET package manager NuGet. This feature continues to expand the supported range of package manager ecosystems, adding to the existing Maven and Gradle support. Dependency…

The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.

Multi-ecosystem grouped updates are now generally available for all Dependabot users! This configurable functionality allows you to group security or version dependency updates across multiple package ecosystems into a single…

The cooldown feature is now generally available for Dependabot version updates! This feature gives you control over when version update pull requests are created to bump your dependencies. What’s new…

Today, we’re extending CodeQL code scanning support to Rust. Developers working on Rust libraries and apps can now benefit from our best-in-class code security analysis. We currently identify issues such…

Use these insights to automate software security (where possible) to keep your projects safe.

Security teams can now choose which secret scanning patterns are included in push protection. Previously, push protection only covered a subset of patterns that met strict criteria. With this update,…

AI can help you code faster, but knowing why the code works—and sharpening your human-in-the-loop skills—is what makes you a great developer.

We’ve released support for enforcing GitHub Artifact Attestations in OPA Gatekeeper, an open source admission controller for Kubernetes, in public preview. With this release, you can write and enforce policies…

GitHub is consolidating Dependabot’s compute platform to GitHub Actions, and jobs that generate pull requests will be run as GitHub Actions workflows. This allows Dependabot to leverage GitHub Actions infrastructure,…

The Actions Runner Controller (ARC) 0.12.0 release introduces several enhancements including: public preview support for Red Hat OpenShift Kubernetes clusters and vault-based secret management, improvements to Docker-in-Docker (DinD) container mode,…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released version 2.22.0 of CodeQL. Here’s what’s new and…

The GitHub MCP Server allows AI tools like GitHub Copilot in VS Code and Visual Studio, Claude Desktop, and others to seamlessly access live GitHub context and tools—like issues, pull…

Delegated alert dismissal allows you to require a review process before secret scanning alerts are closed. This helps you better manage security risk, as well as meet audit and compliance…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.21.4, which brings support for a new…

CodeQL can now access private dependencies stored in private registries for Go projects. This makes your scans more comprehensive, helping to ensure you receive all important alerts regardless of where…

We have improved the metrics for CodeQL pull request alerts and Copilot autofixes on the security overview dashboard. This change enables you to gain a better understanding of how Copilot…