Search results for: Security

We announced two weeks ago that we are changing how you receive notifications for secret scanning alerts. From today, those changes are in effect. What action should I take? If…

Code scanning is now using a new way of analysing and displaying alerts on pull requests. The change ensures code scanning only shows accurate and relevant alerts for the pull…

We’re looking forward to working with policymakers to improve cybersecurity and support developers.

The “Require SSH certificates” policy now allows GitHub apps to call Git APIs using a user-to-server token, bringing them up to parity with OAuth app support. The SSH certificate requirement…

GitHub Security was notified about an issue where users still had access to organizations after being removed. Our Security team investigated potential instances and determined there were occasional instances where…

GitHub organization owners can now opt-in to a public beta to display organization members’ IP addresseses in audit logs events. When enabled, IP addresses will be displayed for all audit…

If you use Gradle Version Catalogs to centralize managing dependencies for a Gradle project, you will now be able to use Dependabot version updates to keep these dependencies up-to-date! You…

If you use versioned reusable workflows in GitHub Actions, you can now use Dependabot version updates to keep those workflows up-to-date in your repositories! This is useful for anyone using…

We are open sourcing our own OSPO policies, tools, and guides to help other OSPOs get started.

We are preparing to bring powerful new code search capabilities to GitHub. As part of that effort, on April 10, 2023, we will make several changes to the code search…

Developers are at the heart of our online world and at the forefront of creating solutions for global challenges, working to make the software that underpins our digital infrastructure more secure, reliable, and safe.

Dependency graph and Dependabot now parse and update package-lock.json files set with lockfileVersion: 3, which is used by npm v9. Users will receive Dependabot alerts for dependencies with known vulnerabilities.…

Code scanning configurations can now be deleted from the code scanning alert page. This could be used to delete stale configurations causing alerts to remain open, or delete old configurations…

In a world where software and hardware is ubiquitous, GitHub can help enable secure development for mission-critical embedded systems.

Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL. CodeQL is the static code analysis…

Join us virtually on March 28-31 for GitHub Galaxy, a global enterprise event focused on improving efficiency, security, and developer productivity.

With updates to GitHub Actions, repositories, and GitHub Advanced Security, this new version of GitHub Enterprise Server is focused on bringing the best developer experience to companies.

Dependency graph no longer ingests go.sum files for Go repositories, and Dependabot no longer alerts on vulnerabilities for dependencies found in go.sum files. Dependencies previously ingested from go.sum files have…

Our community—along with ourselves—took a much needed break over the festive season. Now everyone is back into the full swing of work, and the open source community is showing us…

We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with “All activity” or “Security alerts”…

You can now enable secret scanning alerts on all your personal public repositories from your account’s code security and analysis settings. As before, you can also enable secret scanning alerts…