CodeQL, the static analysis engine that powers GitHub code scanning, can now analyze C/C++ projects without needing a build. This capability is in public preview and enables organizations to more…
GitHub Enterprise Server (GHES) 3.17 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.17 release: GitHub Advanced Security (GHAS) is now…
Delegated alert dismissal allows you to require a review process before dismissing a secret scanning alert. Previously, only organization owners and security managers had permission to review these requests. Now…
If your organization hosts dependencies in private or internal GitHub repositories, you can give Dependabot access to the host repository, allowing Dependabot to update the dependency version. GitHub Advanced Security…
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
We’ll decode these two tools—and show you how to use them both to work more efficiently.
Sharpen your skills, test out new tools, and connect with people who build like you.
Get insights on the latest trends from GitHub experts while catching up on these exciting new projects.
Starting May 30, 2025, CodeQL no longer generates code scanning alerts for hardcoded secrets. If you want to detect hardcoded secrets in your repositories, we recommend using secret scanning, which…
Enhancements to Copilot code reviews: personal settings, improved comment quality, and expanded language support.
Dependabot is now generally available for execution on self-hosted GitHub Actions runners managed within Kubernetes clusters using the Actions Runner Controller (ARC). This setup provides auto-scaling, workload isolation, and improved…
Projects that use Gradle need to include dependencies that are resolved at build time in order to get a full, transitive dependency tree. To make this easier, dependency auto-submission now…
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
In this post, I’ll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released version 2.21.3 of CodeQL. Here’s what’s new and…
GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, helping ensure your repositories have comprehensive detection for different secret types. The…
Implementing features has never been easier: Just assign a task or issue to Copilot. It runs in the background with GitHub Actions and submits its work as a pull request.
We’ve released the public preview of GitHub Copilot app modernization for Java—an AI-powered solution designed to simplify and accelerate Java upgrades and cloud migrations. By combining the intelligence of GitHub…
This update to the commit details page enhances accessibility, building on valuable feedback from the community, and also improves security and performance. Inline comments are now visible by default Inline…
GitHub Enterprise Server (GHES) 3.17 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.17 release: GitHub Advanced Security (GHAS) is now…
You can now disable the dependency graph for public repositories. This gives you more control over your repository’s data and security features. The dependency graph powers features like SBOMs, dependency…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
