Search results for: Security

We have partnered with Mergify to scan for their tokens to help secure our mutual users in public repositories. Mergify’s API key enables users to interact with Mergify’s API in…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data…

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data…

With the 2.16.5 release of CodeQL, we’re introducing a new mechanism for creating a CodeQL database for Java codebases, without relying on a build. This enables organizations to more easily…

CodeQL, the static analysis engine that powers GitHub code scanning, can now analyze Java projects without needing a build. This enables organizations to more easily roll out CodeQL at scale.…

SSH CAs uploaded to GitHub.com after March 27th, or in GHES 3.13 and beyond, can only sign certificates that expire. They must expire within 366 days of being created. While…

Dependabot will now fail gracefully with informative error messages when an unsupported NuGet project type is encountered. If you were using an unsupported project type previously, Dependabot might have failed…

Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. We have updated the dependency review action to include information from the…

Code scanning autofix is now available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot, code scanning suggests fixes for Javascript, Typescript, Java, and Python alerts…

Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.

Starting today for GitHub Enterprise Cloud and as part of GitHub Enterprise Server version 3.13, enterprise and organization audit log events will include the applicable SAML and SCIM identity data…

In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.

Previously, if Dependabot encountered 30 consecutive failures, it would stop running scheduled jobs until manual intervention via updating the dependency graph or manifest file. Dependabot will now pause scheduled jobs…

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.4 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…

Secret scanning now helps you more easily define custom patterns with GitHub Copilot. As of today, you can leverage AI to generate custom patterns without expert knowledge of regular expressions.…

All new public repositories owned by personal accounts will now have secret scanning and push protection enabled by default. Pushes to the repository that include known secrets will be blocked…

You can now use the REST API to check if a repository has private vulnerability reporting enabled. Learn more about: – Evaluating a repository’s security settings – Repository security advisories…

Our full year of 2023 transparency reporting data is now available and we’re taking a deep dive into how a form change caused an abrupt increase in circumvention claims.

While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.

With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.