
Introducing the CodeQL package manager (public beta)
The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between…
This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…
We’ve improved the depth of CodeQL’s analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++,…
Code scanning with CodeQL now generates diagnostic information for all supported languages. Before analyzing your code, CodeQL first creates a CodeQL database containing all of the important information about your…
The latest release of the CodeQL CLI supports creating CodeQL databases for multiple languages in a single command. This makes it easier for customers using CI/CD systems other than GitHub…
Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…
In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
Dependabot version updates now support Terraform <= 1.0. We have also added support for lockfiles, providers, and private registries. Thank you to @jmahowald and @userhas404d whose contributions were critical in…
Dependabot security and version updates now support pip version 21.1.2, pip-tools version 6.1.0, and pipenv version 2021-05-29. This release also removes support for Python 2, which was officially sunset on…
If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…
GitHub Advanced Security customers can now specify custom patterns for use in private repo secret scanning. When a new pattern is specified, secret scanning searches a repository’s entire git history…
One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…
GitHub Enterprise Server 3.1 is now generally available for all customers. It helps customers work with large, busy repositories, while enabling developers to develop and deploy with less effort than…
You can now configure which code scanning alert severity levels cause a pull request check to fail. This lets you prevent pull requests that generate alerts with chosen severity levels…
Free text search is now available for code scanning alerts. You can search code scanning results to quickly find specific alerts without having to know exact search terms. The search…
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…
The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…
GitHub Enterprise Cloud self-service compliance reports have moved to the compliance tab. Enterprise owners may download and view current GitHub compliance reports from the Compliance tab of their enterprise account:…