Search results for: Security

GitHub Advanced Security users can now view alert metrics for custom patterns at the repository, organization, and enterprise levels directly from the custom pattern’s page. Custom patterns with push protection…

Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.

These changes will improve the experience for custom query authors and enable better precision in some of our standard queries. Learn how to enable them for your custom queries.

The dependency graph shows a summary of the manifest and lock files stored in a repository. The repository view has an updated user experience that includes: Search by package name…

A software bill of materials (SBOM) is a standardized inventory of a software project’s dependencies and associated metadata (versions, licenses, etc). You can now export your repository’s dependency graph as…

Developers and compliance teams get a new SBOM generation tool for cloud repositories.

Learn how GitHub’s one, integrated platform–powered by AI and secure at every step—helps developer teams be more productive, collaborative, and efficient.

The new code scanning tool status page allows users to view the status of CodeQL and other code scanning tools. The page shows all the tools that are enabled on…

The repository dependency graph GraphQL API preview now returns dependencies that have been submitted using the dependency submission API. Learn more about the dependency graph Learn more about the dependency…

In addition to Ubuntu & Windows, GitHub Actions now attaches a SBOM (Software Bill of Materials) to hosted runner image releases for macOS. In the context of GitHub Actions hosted…

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

GitHub Security was notified about an issue where private issue and pull request titles would be displayed in search results. Our Security team investigated potential instances and determined that this…

Writing secure code is as much of an art as writing functional code, and it is the only way to write quality code. Learn how our Secure Code Game can provide you with hands-on training to spot and fix security issues in your code so that you can build a secure code mindset.

Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…

Enabling CodeQL analysis with code scanning default setup for eligible repositories in your organization is now as easy as a single click from the organization’s settings page or a single…

We announced two weeks ago that we are changing how you receive notifications for secret scanning alerts. From today, those changes are in effect. What action should I take? If…

Code scanning is now using a new way of analysing and displaying alerts on pull requests. The change ensures code scanning only shows accurate and relevant alerts for the pull…

We’re looking forward to working with policymakers to improve cybersecurity and support developers.

The “Require SSH certificates” policy now allows GitHub apps to call Git APIs using a user-to-server token, bringing them up to parity with OAuth app support. The SSH certificate requirement…

GitHub Security was notified about an issue where users still had access to organizations after being removed. Our Security team investigated potential instances and determined there were occasional instances where…

GitHub organization owners can now opt-in to a public beta to display organization members’ IP addresseses in audit logs events. When enabled, IP addresses will be displayed for all audit…