Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests, lets you specify several additional options to fine tune your groupings. You can enable grouped…
Today, we’re releasing a host of new insights to the security overview dashboard, as well as an enhanced secret scanning metrics page. New dashboard insights Third-party alerts integration: Beyond GitHub’s…
Starting today, you can take advantage of the new “age” grouping for the alert trends graph and explore enhanced filter options on the security overview dashboard, aimed at improving your…
You can now monitor enablement trends for all security products within your GitHub organization. This functionality is designed to give you a detailed overview of how your organization is implementing…
Previously, if you specified your private registry configuration in the dependabot.yml file and also had a configuration block for that ecosystem using the target-branch key, Dependabot security updates wouldn’t utilize…
Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in…
CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.3 has been released and has now been rolled out to code scanning users on GitHub.com. Important…
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions!
A peek under the hood of GitHub Advanced Security code scanning autofix.
The Fundamentals program has helped us address tech debt, improve reliability, and enhance observability of our engineering systems.
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.
Reduce pull request noise and fix multiple security alerts at once with Dependabot grouped security updates. Starting today, you can enable grouped security updates for Dependabot at the repository or…
As of February 15th, 2024, you will no longer be able to create security advisories in private repositories. Formerly published advisories will no longer be available. This change does not…
Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.
A new asset in security management is now available for GitHub enterprise users. Reinforcing the “shift left” philosophy, this feature is designed to integrate security into the heart of the…
Learn about how GitHub Advanced Security’s new AI-powered features can help you secure your code more efficiently than ever.
The GitHub Advanced Security billing REST API and CSV download now includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your…
Auto-triage rules are a powerful tool to help you reduce alert and pull request fatigue substantially, while better managing your alerts at scale. What’s changing? Starting today, you can define…
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
You can now access CodeQL, Secret Scanning, and other features of GitHub Advanced Security as part of your GitHub Enterprise Cloud trial. Enterprise admins can enable GitHub Advanced Security under…
On December 21st, 2023 GitHub Codespaces plans to remove the deprecated Repository Access and Security setting. Rather than configuring cross-repository access at the account level, we now recommend declaring cross-repository…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
