The GitHub Advanced Security billing REST API and CSV download now includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your…
Auto-triage rules are a powerful tool to help you reduce alert and pull request fatigue substantially, while better managing your alerts at scale. What’s changing? Starting today, you can define…
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
You can now access CodeQL, Secret Scanning, and other features of GitHub Advanced Security as part of your GitHub Enterprise Cloud trial. Enterprise admins can enable GitHub Advanced Security under…
On December 21st, 2023 GitHub Codespaces plans to remove the deprecated Repository Access and Security setting. Rather than configuring cross-repository access at the account level, we now recommend declaring cross-repository…
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
GitHub Advanced Security now automatically only consumes licenses for commits and pushes made after a repository is migrated to GitHub, rather than considering all historic contributions from before the migration.…
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
You can now export data from the risk and coverage pages to a comma-separated values (CSV) file. This feature supports exporting repository-specific data based on applied filters. Learn more about…
Dependabot can now open pull requests to resolve alerts for your Gradle dependencies! If you have used the dependency submission API to upload your Gradle dependencies to the dependency graph…
It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!
As an organization owner or member of the security manager role, you can now use the repository security advisories REST API to get all repository security advisories across your organization.…
You can now use the REST API to request a CVE identifier for your repository security advisories. Learn more about repository security advisories and CVE identification numbers.
pnpm is now fully supported by dependency graph, Dependabot alerts, and Dependabot security updates! If you manage your Node.js dependencies with the pnpm package manager, you can now receive and…
You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database’s free, open source…
You can now use the REST API to add collaborators to your draft security advisory. Learn more about the repository security advisories REST API
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
You will now be able to see whether Dependabot security updates are enabled or disabled in the security and analysis block within the repository information you can fetch from the…
Today we are announcing the general availability of our organization and enterprise-level security risk and coverage pages. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also…
The latest release of CodeQL for VS Code includes new functionality for creating lists of target repositories for multi-repository variant analysis with GitHub code search. Multi-repository variant analysis (MRVA) allows…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
