
Update on the future stability of source code archives and hashes
A look at what happened on January 30, what measures we’re putting in place to prevent surprises, and how we’ll handle future changes.
Learn about CodeQL’s improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.
Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.
GitHub Copilot for Business is now available to Free, Team, and GitHub Enterprise Cloud customers. This update allows more organizations to give their developers access to GitHub Copilot’s powerful AI…
We’re launching new improvements to GitHub Copilot to make it more powerful and more responsive for developers.
GitHub Copilot is the world’s first at-scale AI developer tool and we’re now offering it to every developer, team, organization, and enterprise.
Dependency graph now supports parsing Python dependencies for pyproject.toml files that follow the PEP 621 standard. Learn more about the dependency graph
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
Dependency graph automatically supports many ecosystems, but some additional ecosystems require configuration to submit dependencies with the dependency submission API. The community maintains several GitHub Actions that make this easier.…
CodeQL is the engine that powers GitHub code scanning, used by more than 100,000 repositories to catch security vulnerabilities before they cause issues in deployments. CodeQL is fully integrated into…
Following feedback from code scanning users, we’ve moved documentation about the CodeQL CLI from codeql.github.com to docs.github.com, the main GitHub Docs site. You can now find the articles under the…
What’s new? Starting today, anyone with repository write or maintain roles will be able to view and act on Dependabot alerts by default. Previously, only repository admins could view and…
Code scanning can now be set up to never cause a pull request check failure. By default, any code scanning alerts with a security-severity of critical or high will cause…
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
Previously, GitHub Actions got a GITHUB_TOKEN with read/write permissions by default whenever Actions was enabled on a repository. As a default, this is too permissive, so to improve security…
GitHub Enterprise Cloud customers can now join a private beta which allows API request events to be streamed as part of their enterprise audit log. In this private beta, REST…
In January 2022, GitHub announced audit log streaming to AWS is generally available. By streaming the audit log for your enterprise, enterprises benefit from: Data exploration: Examine streamed events using…
Update to the latest version of Desktop and previous version of Atom before February 2.
Object Graph Notation Language (OGNL) is a widely used Java-based expression language found in popular frameworks and applications such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms, including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
Organization admins and security managers can now enable private vulnerability reporting for all public repositories within an organization at once. With this enhancement, you no longer have to enable the…