New advanced filters for code security configurations
When reviewing code security configurations, you can now more easily filter repositories with new filter options. The new filters allow you to sort repositories based on the status of specific…
GitHub security advisories now support the new CVSS 4.0 schema. CVSS, or the Common Vulnerability Scoring System, is an industry standard maintained by FIRST. The CVSS 4.0 standard adds new…
You can now use Copilot Chat in GitHub.com to search across GitHub to find and learn more about GitHub Advanced Security Alerts from code scanning, secret scanning, and Dependabot. This…
Now, secret scanning non-provider patterns are included in the GitHub-recommended security configuration. Non-provider patterns have also been automatically enabled for any repositories with the recommended configuration previously attached. Secret scanning…
You can now enable non-provider patterns (generic patterns) through security configurations at the organization level. Non-provider patterns will also be included in the GitHub-recommended security configuration on August 23, 2024.…
You can now retrieve the code security configuration applied to a specific repository via the repos endpoint in the REST API. Previously, you could only retrieve all the repositories associated…
We are streamlining the deployment of GitHub’s security products at scale with code security configurations. This functionality simplifies the rollout of GitHub security products by defining collections of security settings…
Enhance your security workflows by exporting security alert data for offline analysis, reporting, and archival purposes with our new CSV export functionality, available at the organization level. CSV exports will…
Today, we are expanding our “pay-as-you-go” model to include GitHub Enterprise (GHE) and GitHub Advanced Security (GHAS) — unifying the GitHub product portfolio as metered services. This provides our customers…
To make it easier to submit security advisories, GitHub now validates package names. When submitting a new GHSA (GitHub Security Advisory) in a repository, the user is prompted to enter…
The enum field indicating a ‘detached’ status will be deprecated from the ‘Get repositories associated with a code security configuration’ endpoint. The endpoint itself will remain. We will replace the…
Code security configurations were made generally available on July 10th, 2024. This experience replaces our old settings experience and its API. If you are currently using the REST API endpoint…
Today, we’re excited to announce the general availability of our new organization and enterprise-level security overview dashboards, alongside enhanced secret scanning metrics and the enablement trends reports. These features are…
GitHub Enterprise Cloud customers can now see code security configurations data in audit log events. Code security configurations simplify the rollout of GitHub security products at scale by defining collections…
The REST API now supports the following code security configuration actions for organizations: – Detach configurations from repositories – Enforce configurations – Enable validity checks for secret scanning in a…
Organization owners and security managers can now filter the table of repositories on the code security configurations settings page by configuration attachment failure reason. This is useful when you’ve attempted…
Code security configurations are now generally available (GA)! Code security configurations simplify the rollout of GitHub security products at scale. They help you define collections of security settings and apply…
Code security configurations will be made generally available (GA) on July 10th, 2024. At that point, we will sunset the organization-level code security settings UI experience along with the API…
Starting today, you can enable validity checks for your GitHub organization through security configurations. You can also enable or disable validity checks at the enterprise level for all enterprise repos.…
You can now use the REST API to create and manage code security configurations, as well as attach them to repositories at scale. The API supports the following code security configuration actions…
GitHub is committed to a secure software ecosystem and requires most developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA). To ensure that all…