Search results for: Security

We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…

To enhance auditing and troubleshooting, we’ve introduced new webhook and audit log events to track the completion of certain secret backfill scans on repositories. The events specify the type of…

CodeQL build-mode: none scans can now access private dependencies stored in private registries (e.g. Artifactory) for Java and C# projects. This makes your scans more comprehensive, ensuring you receive all…

You can now more easily filter secret scanning alerts, with new filter options and advanced filtering. Enterprise and organization level list views now include a new menu with commonly used…

You can now enable code scanning in your GitHub Actions workflow files. By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. Actions analysis support…

In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.

New REST API endpoints for code scanning allow you to request the generation of Copilot Autofix for code scanning alerts. These endpoints also provide the Autofix generation status, along with…

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.

Reviewers can now add comments to push protection bypass requests in secret scanning. These comments help provide context, explaining the reasoning behind approving or denying a request. Requesters gain clarity…

The metrics overview for CodeQL pull request alerts now includes enhanced tracking and reporting mechanisms, resulting in greater accuracy and more CodeQL pull request alerts and Copilot Autofixes displayed on…

GitHub Copilot Extensions can now access local context in your editor and github.com to provide you with richer and more tailored responses. As a developer, you can benefit from context…

GitHub Copilot plugin now available for JetBrains IDEs version 2024.3 The GitHub Copilot plugin for JetBrains IDEs now fully supports version 2024.3 for you favorite IDEs, including IntelliJ IDEA, PyCharm,…

Artifact Attestations now supports attesting multiple subjects simultaneously. When the attest-build-provenance or attest-sbom actions create multiple attestations, a single attestation is created with references to each of the supplied subjects,…

We are excited to announce the launch of new governance at scale features for enterprise accounts in public preview. This preview includes enterprise custom repository properties, enterprise repository policies and…

The enterprise and organization-level audit log events are now created when a code scanning alert is created, fixed, dismissed, reopened, or appeared in a new branch: code_scanning.alert_created – a code…

When configuring CodeQL security analysis using code scanning’s default setup, you can now specify whether to run the analysis on a standard GitHub-hosted runner, a larger GitHub-hosted runner, or a…

GitHub Enterprise Server 3.15 is now generally available GitHub Enterprise Server 3.15 is now available for download. Some key features & highlights you can find in this release include: Updated…

A new REST API endpoint lists the secret scanning scan history for a repository, giving you visibility into when different types of secret scanning scans have occurred in your repository.…

Audit logs play a critical role in keeping enterprises secure and auditing enterprise activity for compliance. Since becoming generally available in January 2022, audit log streaming has been used by…

Enterprises now have more control over their two-factor authentication (2FA) policies for all members of their organization through an enhanced 2FA enrollment experience in GitHub. With this update, enterprise and…