A new asset in security management is now available for GitHub enterprise users. Reinforcing the “shift left” philosophy, this feature is designed to integrate security into the heart of the…
Learn about how GitHub Advanced Security’s new AI-powered features can help you secure your code more efficiently than ever.
GitHub Advanced Security billing API and CSV download now includes active committer email addresses
Dependabot user-defined rules for security updates and alerts; enforcement of auto-triage rules and presets for organizations (public beta)
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
GitHub Advanced Security is part of GitHub Enterprise Cloud trial
Codespaces Repository Access and Security Setting Removal
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
GitHub Advanced Security only consumes licenses for commits and pushes made after a repository is migrated to GitHub
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
You can now export data from the risk and coverage pages to a comma-separated values (CSV) file. This feature supports exporting repository-specific data based on applied filters. Learn more about…
It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!
Get repository security advisories for your organization via REST API
Request a CVE identifier for your repository security advisory via REST API
pnpm Support for Dependency Graph, Dependabot Alerts, and Dependabot Security Updates
Add collaborators to a draft security advisory with the REST API
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
Update and Show Status of Dependabot Security Updates in API
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
