How we’re making security easier for the average developer
Security should be native to your workflow, not a painful separate process.
Home / You searched for Security / Blog Search
Search results for: Security
Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
Security campaigns are now generally available to help address security debt at scale
Security campaigns with Copilot Autofix are now generally available. As part of GitHub Code Security, you can use security campaigns to prioritize and rapidly reduce your backlog of application security…
GitHub Secret Protection and GitHub Code Security for GitHub Enterprise
At GitHub, we believe that investing in the security of your codebases should be straightforward, affordable, and scalable. Today, we’re rolling out standalone GitHub Advanced Security products for GitHub Enterprise…
GitHub Advanced Security is here for GitHub Team organizations
At GitHub, we believe that investing in the security of your codebase should be accessible for organizations of all sizes. Starting today, GitHub Team plan customers can purchase GitHub Secret…
Deprecation of cvss field in security advisories API
The cvss field for GitHub security advisories in the REST and GraphQL APIs will be deprecated in favor of the new cvss_severities field. cvss will be removed from the REST…
Not just for developers: How product and security teams can use GitHub Copilot
GitHub Copilot isn’t just for developers! Discover how product managers, security professionals, scrum masters, and more use GitHub Copilot to streamline tasks, automate workflows, and boost productivity across teams.
Introducing GitHub Secret Protection and GitHub Code Security
At GitHub, we believe that investing in the security of your codebases should be straightforward, cost-effective, and accessible for everyone. Today, we’re announcing changes to pricing plans and availability of…
Introducing metered billing for GitHub Enterprise and GitHub Advanced Security server usage
Scaling your GitHub usage just got easier! We are expanding our pay-as-you-go usage-based billing and licensing reporting interface to include GitHub Enterprise (GHE) and GitHub Advanced Security (GHAS) Server-only usage.…
It is easier to track your progress with fixed code scanning CodeQL security alerts on the Security Overview page
Now it is easier to see how many of your historical CodeQL alerts received autofix suggestions and how many of those alerts were resolved across all the repositories in your…
Copilot secret scanning can be enabled through code security configurations
Copilot secret scanning, which scans for passwords using AI, offers greater precision for detecting unstructured credentials that can cause security breaches if exposed. You can now use code security configurations…
From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.
Recent improvements to security campaigns with Copilot Autofix (public preview)
We’re releasing various improvements to security campaigns to help security teams and developers collaborate more effectively to resolve security debt with the help of Copilot Autofix. Security campaigns with Copilot…
What does a cybersecurity researcher do and how do you get started?
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.
Git security vulnerabilities announced
A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.
How to scan GitHub Actions workflows for security issues
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.
Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations
Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.
Code security configurations now available at the enterprise level
You can now create and manage code security settings at the enterprise level. This change reduces the need for repetitive setup at the organization level. Key updates: – Apply configurations…
Notice of breaking changes: Security manager REST API will be retired and replaced with the organization roles REST API
As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more…
Expanded flexibility and control for managing the security manager role
For organization owners, managing the security manager role is now easier and more flexible. These updates empower you to tailor security responsibilities and streamline role assignments to fit your needs:…
CSV export for enterprise-level security overview
You can now export security data for offline analysis, reporting, and archival purposes on the enterprise-level security overview pages. This includes: Enterprise-level overview dashboard: Export alert-level data for all your…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
The GitHub Podcast
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.