• 👋 Hi, I’m @BLACKWOLFX12
• 👀 I’m interested in ...
• 🌱 I’m currently learning ...
• 💞️ I’m looking to collaborate on ...
• 📫 How to reach me ...
• 😄 Pronouns: ...
• ⚡ Fun fact: ...

MicrosoftDocs/azure-docs#124787 (comment) to content / Blog

security Subscribe to all “security” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

security Copilot Autofix for Dependabot now available for TypeScript repositories (private preview) October 29, 2024 advanced-securitycopilotdependabotsecuritysecurity-and-compliance Copilot Autofix for Dependabot is now available in private preview for TypeScript repositories.

See more New PAT rotation policies preview and optional expiration for fine-grained PATs October 18, 2024 apienterprisesecurity Enterprise and organization administrators can now set limits on token lifetimes for the personal access tokens (PATs) used against their resources. These policies mandate token rotation on a regular basis and reduce how long a compromised token is good for, while also providing a lever to reduce the use of less-secure PATs in your company. This public preview is available for all enterprises and organizations, and will be included in GHES 3.16.

See more EPSS Scores in the GitHub Advisory Database October 10, 2024 advisory-databasesecurity The GitHub Advisory Database now features the Exploit Prediction Scoring System (EPSS) from the global Forum of Incident Response and Security Teams (FIRST), helping you better assess vulnerability risks.

See more Announcing TISAX for GitHub October 1, 2024 compliancesecuritysecurity-and-compliance GitHub is now a participant in TISAX with an Assessment Level 2 (AL2) label in the ENX Portal. TISAX is a recognized assessment and exchange mechanism for the German automotive industry, ensuring that companies meet specific information security requirements. It is based on the German Association of the Automotive Industry or Verband de Automobile (VDA) Information Security Assessment (ISA) catalog, which aligns most closely with ISO/IEC 27001.

See more CodeQL 2.19.0: TypeScript 5.6 and Go 1.23 support, new queries for JavaScript and Ruby September 25, 2024 advanced-securitycode-scanningcodeqlsecuritysecurity-and-compliance CodeQL version 2.19.0 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL is the static analysis engine that powers GitHub code scanning.

See more GitHub security advisories support CVSS 4.0 September 13, 2024 advisory-databasesecuritysecurity-and-compliancesupply-chain GitHub security advisories now support the new CVSS 4.0 schema. CVSS, or the Common Vulnerability Scoring System, is an industry standard maintained by FIRST. The CVSS 4.0 standard adds new metrics for a more thorough assessment of the risk of a particular vulnerability.

See more CodeQL code scanning can analyze Java and C# codebases without needing a build (GA) August 28, 2024 advanced-securitycode-scanningcodeqlsecuritysecurity-and-compliance CodeQL code scanning can now analyze Java and C# code without having to observe a build. This makes it easier to roll out the security analysis on large numbers of repositories, especially when enabling and managing repositories with GHAS security configurations.

See more CodeQL 2.18.1: Kotlin & Swift mobile support is generally available, TypeScript 5.5 support, C# build-mode: none public beta July 26, 2024 advanced-securitycode-scanningcodeqlsecuritysecurity-and-compliance CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.18.1 has been released and has now been rolled out to code scanning users on GitHub.com.

See more Validation on package name when submitting a new GitHub security advisory (GHSA) July 26, 2024 advisory-databasesecuritysecurity-and-compliancesecurity-productssupply-chain To make it easier to submit security advisories, GitHub now validates package names.

See more Enable secret scanning for non-provider patterns on repositories with the REST API July 23, 2024 advanced-securitysecret-scanningsecuritysecurity-and-compliance GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the repository level.

See more Secret scanning detects generic passwords with AI (public beta) July 16, 2024 advanced-securitysecret-scanningsecuritysecurity-and-compliance Secret scanning now detects generic passwords using AI. Passwords are difficult to find with custom patterns — the AI-powered detection offers greater precision for unstructured credentials that can cause security breaches if exposed.

See more Dependabot migration to GitHub Actions for Enterprise Cloud and Free, Pro, and Teams accounts with Actions enabled July 10, 2024 advanced-securitydependabotsecuritysecurity-and-compliance Over the next few weeks, jobs generating Dependabot pull requests will start running as GitHub Actions workflows on Github.com accounts with GitHub Actions enabled. This migration will include faster Dependabot runs, increased troubleshooting visibility, self-hosted runner support, and other performance and feature benefits. No additional steps are required, and you should not experience service disruptions during the migration. By the beginning of September, repositories with GitHub Actions enabled should expect to see the jobs that generate Dependabot pull requests run as GitHub Actions workflows.

See more Artifact Attestations is generally available June 25, 2024 actionssecurity GitHub Artifact Attestations is generally available See more Simplified dependabot.yml configuration with multi-directory key (directories) and wildcard / glob (*) support June 25, 2024 advanced-securitydependabotsecuritysecurity-and-compliance Dependabot version updates requires developers to configure and check in a dependabot.yml file. In the past, it was challenging for administrators to configure a dependabot.yml that works for all repositories without per-repo customization. With this change, you can now specify multiple directories of dependency manifests using the directories key. Directories can be configured with wildcards or globbing to make targeting easier as well. This will simplify the process of creating configurations and allow greater flexibility for developers who wish to customize their behavior.

See more CodeQL can scan C# projects without requiring working builds (public beta) June 20, 2024 advanced-securitycode-scanningcodeqlsecuritysecurity-and-compliance CodeQL, the static analysis engine that powers GitHub code scanning, can now analyze C# projects without needing a build. This public beta capability enables organizations to more easily roll out CodeQL at scale. Previously, CodeQL required a working build to analyze C# projects. By removing that requirement, our large-scale testing has shown that CodeQL can be successfully enabled for over 90% of C# repos without manual intervention. This new way of analyzing C# codebases is now enabled by default for all code scanning users on GitHub.com. CodeQL CLI users can enable this feature using the build-mode: none flag, starting with version 2.17.6.

See more Product Features Security Enterprise Customer Stories Pricing Resources Platform Developer API Partners Atom Electron GitHub Desktop Support Docs Community Forum Training Status Contact Company About Blog Careers Press Shop GitHub on X GitHub on Facebook GitHub on YouTube GitHub on Twitch GitHub on TikTok GitHub on LinkedIn GitHub’s organization on GitHub © 2024 GitHub, Inc. Terms Privacy