Dependabot will now fail gracefully with informative error messages when an unsupported NuGet project type is encountered. If you were using an unsupported project type previously, Dependabot might have failed…
Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. We have updated the dependency review action to include information from the…
Code scanning autofix is now available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot, code scanning suggests fixes for Javascript, Typescript, Java, and Python alerts…
Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.
Starting today for GitHub Enterprise Cloud and as part of GitHub Enterprise Server version 3.13, enterprise and organization audit log events will include the applicable SAML and SCIM identity data…
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
Previously, if Dependabot encountered 30 consecutive failures, it would stop running scheduled jobs until manual intervention via updating the dependency graph or manifest file. Dependabot will now pause scheduled jobs…
CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.4 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…
Secret scanning now helps you more easily define custom patterns with GitHub Copilot. As of today, you can leverage AI to generate custom patterns without expert knowledge of regular expressions.…
All new public repositories owned by personal accounts will now have secret scanning and push protection enabled by default. Pushes to the repository that include known secrets will be blocked…
You can now use the REST API to check if a repository has private vulnerability reporting enabled. Learn more about: – Evaluating a repository’s security settings – Repository security advisories…
Our full year of 2023 transparency reporting data is now available and we’re taking a deep dive into how a form change caused an abrupt increase in circumvention claims.
While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.
With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.
GitHub Enterprise Server 3.12 is generally available GitHub Enterprise Server 3.12 is now generally available and gives customers more fine-grained control over deployment requirements, as well as enhanced security controls.…
Discover how keeping repository maintainer information accurate through CODEOWNERS files and automating maintenance with tools like cleanowners fosters efficient collaboration and sustainable software projects.
Learn what GitHub Copilot can help your business achieve in this expert-guided GitHub Learning Pathway, featuring insights from tech leaders at top organizations.
We’ve started the rollout for enabling push protection on all free user accounts on GitHub. This automatically protects you from accidentally committing secrets to public repositories, regardless of whether the…
With push protection now enabled by default, GitHub helps open source developers safeguard their secrets, and their reputations.
Our most advanced AI offering to date is customized to your organization’s knowledge and codebase, infusing GitHub Copilot throughout the software development lifecycle.
Enterprise Managed Users can now enable secret scanning on their user namespace repositories. Owners of user repositories will receive secret scanning alerts when a supported secret is detected in their…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
