Search results for: Security

Explore how using GitHub and HashiCorp together enables enterprises to develop and ship to their customers faster and more secure with consistent workflows and actions.

What’s new? This feature makes it easier to enable Dependabot alerts and check enablement status across all your repositories at an enterprise level, with updates across both enablement UI and…

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Policymakers around the world are developing policies that impact how software gets built and who gets to build it, see the latest now.

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.

The Primary field on two-factor authentication methods has been removed, and replaced with a Preferred option. This new option sets your preferred 2FA method for account login and use of…

GitHub Copilot boosts developer productivity, but using it responsibly still requires good developer and DevSecOps practices.

To ensure the security of our infrastructure, on Tuesday, February 28th, 2023 GitHub Pages sites that contain symbolic links will no longer build outside of GitHub Actions. The majority of…

A look at what happened on January 30, what measures we’re putting in place to prevent surprises, and how we’ll handle future changes.

Learn about CodeQL’s improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.

Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.

GitHub Copilot for Business is now available to Free, Team, and GitHub Enterprise Cloud customers. This update allows more organizations to give their developers access to GitHub Copilot’s powerful AI…

We’re launching new improvements to GitHub Copilot to make it more powerful and more responsive for developers.

GitHub Copilot is the world’s first at-scale AI developer tool and we’re now offering it to every developer, team, organization, and enterprise.

Dependency graph now supports parsing Python dependencies for pyproject.toml files that follow the PEP 621 standard. Learn more about the dependency graph

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Dependency graph automatically supports many ecosystems, but some additional ecosystems require configuration to submit dependencies with the dependency submission API. The community maintains several GitHub Actions that make this easier.…

CodeQL is the engine that powers GitHub code scanning, used by more than 100,000 repositories to catch security vulnerabilities before they cause issues in deployments. CodeQL is fully integrated into…

Following feedback from code scanning users, we’ve moved documentation about the CodeQL CLI from codeql.github.com to docs.github.com, the main GitHub Docs site. You can now find the articles under the…

What’s new? Starting today, anyone with repository write or maintain roles will be able to view and act on Dependabot alerts by default. Previously, only repository admins could view and…