Default setup: A new way to enable GitHub code scanning
Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.
Tag
CodeQL
Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.
Transform your software engineering practices with GitHub Enterprise
Go beyond knowing GitHub as the home of open source and explore how GitHub Enterprise can help you transform your software engineering organization and practices.
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Sharing security expertise through CodeQL packs (Part I)
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Code scanning finds more vulnerabilities using machine learning
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
Leveraging machine learning to find security vulnerabilities
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
How the community powers GitHub Advanced Security with CodeQL queries
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
Blue-teaming for Exiv2: three rules of bug fixing for better OSS security
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
Increasing developer happiness with GitHub code scanning
How GitHub uses code scanning to increase developer happiness, and how you can too.
GitHub Enterprise Server 3.1 available as a release candidate
GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…
GitHub Capture the Flag results
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
The little bug that couldn’t: Securing OpenSSL
Software security doesn't end at the boundaries of your own code. The moment a library dependency is introduced, you're adopting other people’s code and any bugs that come with it.…