pnpm is now fully supported by dependency graph, Dependabot alerts, and Dependabot security updates! If you manage your Node.js dependencies with the pnpm package manager, you can now receive and…
You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database’s free, open source…
You can now use the REST API to add collaborators to your draft security advisory. Learn more about the repository security advisories REST API
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
You will now be able to see whether Dependabot security updates are enabled or disabled in the security and analysis block within the repository information you can fetch from the…
Today we are announcing the general availability of our organization and enterprise-level security risk and coverage pages. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also…
The latest release of CodeQL for VS Code includes new functionality for creating lists of target repositories for multi-repository variant analysis with GitHub code search. Multi-repository variant analysis (MRVA) allows…
Building upon the success of our organization-level security coverage and risk views, today we’re introducing enterprise-level views to offer enhanced visibility into your enterprise’s security coverage and risk analysis. The…
We’ve shipped a small fix to improve security around creation of pull requests in public repos. Prior to this fix and under very specific conditions, a user could create a…
All eligible GitHub Enterprise accounts can now try GitHub Advanced Security for free for 14 days. GitHub Advanced Security provides integrated security with unparalleled access to curated security intelligence. This…
Announcing important changes to what it means for a pull request to be ‘approved’. If you use pull requests with protected branches, there are some important security improvements rolling out…
We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.
Secret scanning’s push protection feature is now generally available for GitHub Advanced Security customers. Customers can enable push protection for any private repository that has GitHub Advanced Security. Push protection…
Code scanning’s tool status gives you a bird’s eye view of your application security stack, allowing you to quickly confirm everything is working, or troubleshoot any tool in your application security arsenal.
A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.
Available in public beta today, the security coverage page now includes multi-repository enablement, which lets you enable or disable security features across several repositories at once. This feature improves upon…
You can now programmatically view and act on repository advisories via a new REST API. New endpoints to create, view, list, and update advisories are available to all. Additionally, new…
We’ve recently released a few improvements to the slide-out enablement panel on the security coverage page in security overview: Active committers for the repository are now visible, providing insight into…
You can now enable the “security extended” query suite for repositories using code scanning default setup with CodeQL. This query suite can be selected during set up, or changed at…
Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
