Security campaigns with Copilot Autofix are now in public preview. Available as part of GitHub Advanced Security, security campaigns rapidly reduce your backlog of application security debt. By using Copilot…
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@adrianoapj!
Now you can simplify the rollout of GitHub security products within your organization. Code security configurations now allow you to define collections of security settings and apply those settings to…
In the coming months, the current interface for managing code security settings for an enterprise will be deprecated and replaced with new and improved code security configurations that will provide…
Learn about a community-developed framework for how to think about this problem holistically and how to use GitHub, particularly, to improve the security in the second half of your software supply chain.
You can now apply code security configurations to archived repositories. This makes it simpler to roll out configurations without having to filter for archived repos, and ensures features like Dependabot,…
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad!
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
Now, you can view Prevention metrics alongside Detection and Remediation metrics and in an enhanced security overview dashboard. This update is available at both the organization and enterprise levels. New…
When reviewing code security configurations, you can now more easily filter repositories with new filter options. The new filters allow you to sort repositories based on the status of specific…
GitHub security advisories now support the new CVSS 4.0 schema. CVSS, or the Common Vulnerability Scoring System, is an industry standard maintained by FIRST. The CVSS 4.0 standard adds new…
You can now use Copilot Chat in GitHub.com to search across GitHub to find and learn more about GitHub Advanced Security Alerts from code scanning, secret scanning, and Dependabot. This…
Now, secret scanning non-provider patterns are included in the GitHub-recommended security configuration. Non-provider patterns have also been automatically enabled for any repositories with the recommended configuration previously attached. Secret scanning…
You can now enable non-provider patterns (generic patterns) through security configurations at the organization level. Non-provider patterns will also be included in the GitHub-recommended security configuration on August 23, 2024.…
You can now retrieve the code security configuration applied to a specific repository via the repos endpoint in the REST API. Previously, you could only retrieve all the repositories associated…
We are streamlining the deployment of GitHub’s security products at scale with code security configurations. This functionality simplifies the rollout of GitHub security products by defining collections of security settings…
Enhance your security workflows by exporting security alert data for offline analysis, reporting, and archival purposes with our new CSV export functionality, available at the organization level. CSV exports will…
Today, we are expanding our “pay-as-you-go” model to include GitHub Enterprise (GHE) and GitHub Advanced Security (GHAS) — unifying the GitHub product portfolio as metered services. This provides our customers…
To make it easier to submit security advisories, GitHub now validates package names. When submitting a new GHSA (GitHub Security Advisory) in a repository, the user is prompted to enter…
The enum field indicating a ‘detached’ status will be deprecated from the ‘Get repositories associated with a code security configuration’ endpoint. The endpoint itself will remain. We will replace the…
Code security configurations were made generally available on July 10th, 2024. This experience replaces our old settings experience and its API. If you are currently using the REST API endpoint…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
