Git Archives
…Git security vulnerabilities announced Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git. Highlights from Git 2.50 The open source Git…
…bug bounty Security security research Written by Senior Product Security Engineer, Bug Bounty Related posts Security Securing the git push pipeline: Responding to a critical remote code execution vulnerability How we validated…
…Build agentic AI security skills with the GitHub Secure Code Game Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that…
You can now search and filter security advisories directly from your repository’s Security tab. Use the new search bar and filters at the top of the advisory list…
…What’s changed The Security tab is now Security & quality at the repository, organization, and enterprise levels. The repository sidebar section previously labeled Vulnerability alerts is now Findings. The repository sidebar includes…
…alerts, both on the alert pages and in security campaigns. For example, you can filter a large list down to just those vulnerabilities that affect deployed artifacts and are exposed to the…
…This context helps your security team: Triage alerts based on actual runtime context, rather than treating every alert as equally urgent. Quickly identify which vulnerabilities exist in services that are at higher…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. You can now define custom sanitizers and validators using data…
…You can also enforce malware alerting through security configurations. Separated from traditional alerts: Malware alerts appear as a distinct subcategory within Dependabot alerts, keeping them clearly separated from CVE-based vulnerability alerts…
…Fix vulnerabilities with Copilot: Copilot can now fix NuGet package vulnerabilities directly from Solution Explorer. Click the Fix with GitHub Copilot link when a vulnerability is detected, and Copilot recommends targeted dependency…