Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository's content.
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
A deep dive into how GitHub adds support for new languages to CodeQL.
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
How GitHub uses code scanning to increase developer happiness, and how you can too.
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.