Skip to content

/ Blog

Try GitHub Copilot Contact sales

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn about and how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - Scripting & automation
    How GitHub engineers use scripting and automation.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
  - Secure enterprise development
    Locking down the SDLC one step at time.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - Surveys
    What developers and industry leaders say matters most.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open source
- Open source
  Everything open source on GitHub.
  - Documentation
    Tips for creating and maintaining documentation.
  - Gaming
    Open source games on GitHub.
  - Git
    The latest Git updates.
  - Licenses
    Open source licenses, explained.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Categories

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn about and how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - Scripting & automation
    How GitHub engineers use scripting and automation.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
  - Secure enterprise development
    Locking down the SDLC one step at time.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - Surveys
    What developers and industry leaders say matters most.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open source
- Open source
  Everything open source on GitHub.
  - Documentation
    Tips for creating and maintaining documentation.
  - Gaming
    Open source games on GitHub.
  - Git
    The latest Git updates.
  - Licenses
    Open source licenses, explained.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Contact sales Try GitHub Copilot

advanced-security

Subscribe to all “advanced-security” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

Secret scanning: Admins can now provide a link to display when a push is blocked

August 24, 2022

GitHub Advanced Security customers using secret scanning can now specify a custom link that will show in the error message when push protection detects and blocks a potential secret. Admins can use the custom link to provide their developers with a point of reference on best practices with secrets.

Learn more about protecting pushes with secret scanning.

Custom link displayed in a push protection error message

See more See more

Prefect is now a GitHub secret scanning partner

August 18, 2022

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Prefect to scan for their access tokens and help secure our mutual users on public and private repositories. The Prefect service account API keys are not associated with a user and are restricted to a specific tenant, but they are recommended for application and automation use. GitHub will forward access tokens found in public repositories to Prefect, who will immediately email the owner of the leaked key. More information about Prefect API Tokens can be found here.

GitHub Advanced Security customers can also scan for Prefect tokens and block them from entering their private and public repositories with push protection.

See more See more

ReadMe is now a GitHub secret scanning partner

August 17, 2022

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with ReadMe to scan for their API keys and help secure our mutual users on public and private repositories. ReadMe’s API keys allow users to sync OpenAPI and Markdown files to their developer hubs using the rdme GitHub Action, as well as perform other programmatic updates using the ReadMe API. We’ll forward exposed API keys found in public repositories to ReadMe, who will immediately revoke the token and notify the project administrators via email. More information about ReadMe’s API keys can be found here.

GitHub Advanced Security customers can also scan for ReadMe tokens and block them from entering their private and public repositories with push protection.

See more See more

UNIwise is now a GitHub secret scanning partner

August 16, 2022

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with UNIwise to scan for their access tokens and help secure our mutual users on public and private repositories. The WISEflow API Key allows for institutions to manage key aspects of their license, such as exams and their life cycle. GitHub forwards access tokens found in public repositories to UNIwise, who will immediately disable the API Key and contact the customer. More information about WISEflow API Keys can be found here

GitHub Advanced Security customers can also scan for UNIwise tokens and block them from entering their private and public repositories with push protection.

See more See more

Secret scanning: Organization admins can dry run custom patterns across all repositories

August 12, 2022

GitHub Advanced Security customers can now dry run their secret scanning custom patterns on all repositories within an organization. Previously, admins could only dry run on a maximum of 10 selected repositories.

Dry run on all repos in an org

Learn more about secret scanning
Learn more about defining custom patterns

See more See more

Security overview is now available to all GitHub Enterprise users

August 8, 2022

We’ve expanded access to GitHub’s security overview pages in two ways:

All GitHub Enterprise accounts now have access to the security overview, not just those with GitHub Advanced Security
All users within an enterprise can now access the security overview, not just admins and security managers

Security overview provides a centralized view of risk for application security teams, engineering leaders, and developers who work across many repositories. It displays code scanning, Dependabot, and secret scanning alerts across every repository you have access to in an organization or enterprise. The security overview also shows you where you have unknown risks because security features haven’t been enabled.

Learn more about security overview and send us your feedback

See more See more

REST API now available for the organization-level security manager role (Public Beta)

August 1, 2022

Organizations participating in the security manager role public beta may now manage security manager teams via the GitHub REST API. In addition, legacy organizations can now participate in the public beta.

Learn more about the security manager REST API and send us your feedback

Learn more about GitHub Advanced Security

See more See more

Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action

August 1, 2022

It's now easier to debug CodeQL analysis problems in code scanning: click Re-run jobs from the GitHub Actions workflow run page, check the Enable debug logging box, and hit the Re-run jobs button.

Re-run all jobs

The data will be uploaded as an Actions artifact named debug-artifacts, attached to the workflow run. Such artifacts contain CodeQL logs, CodeQL databases, and the SARIF files that were produced.

Actions artifacts

These artifacts will help you when you're debugging problems with CodeQL code scanning. When contacting GitHub support, you might be asked for this data.

As part of the analysis, CodeQL extracts your source code into a relational database format. The debug artifacts include more detailed information about CodeQL extraction errors and warnings that occurred during database creation. If you want to permanently enable debug logging for the CodeQL analysis, or would like more information about troubleshooting CodeQL, please follow these instructions.

This feature is now available to all users on GitHub.com and will also be available in GitHub Enterprise Server 3.7.

See more See more

Secret scanning: Admins now receive emails when contributors bypass a push protection block

July 27, 2022

GitHub Advanced Security customers who are watching a repository's secret scanning alerts will now receive an email notification when a contributor bypasses a secret blocked by push protection. Previously, notifications were not sent if the secret was marked as a false positive or as used in tests.

Learn more about protecting pushes with secret scanning

See more See more

Secret scanning: Admins can now sort and filter their custom patterns

July 26, 2022

GitHub Advanced Security customers can now sort and filter their list of custom patterns at the repository, organization, and enterprise levels. This upgrade to the experience supports admins who need to manage dozens, or hundreds, of custom patterns.

Learn more about custom patterns for GitHub Advanced Security

See more See more

Code scanning enterprise-level REST API

July 18, 2022

GitHub Advanced Security customers can now retrieve repository code scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level endpoints.

Learn more about the code scanning enterprise-level REST API and send us your feedback.

Learn more about GitHub Advanced Security

See more See more

Zuplo is now a GitHub secret scanning partner

July 13, 2022

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Zuplo to scan for their API keys connected to a Zuplo API Gateway, which allows users to add API key authentication to their APIs. We'll forward access tokens found in public repositories to Zuplo, who follow customer preference to either notify their customers via email or automatically revoke the token. More information about Zuplo API tokens can be found here.

We continue to welcome new partners for public repository secret scanning. GitHub Advanced Security customers can also scan their private repositories for leaked secrets and prevent Zuplo keys from accidental leaks with push protection.

See more See more

Secret scanning’s REST API endpoints now support cursor-based pagination

June 22, 2022

GitHub Advanced Security customers can now use cursors to paginate over alert results they retrieve via the repository and organization level REST APIs.

Paginating with cursors, using the new before and after query parameters, can help assure data consistency and improve response times. To receive an initial cursor on your first request, include an empty "before" or "after" query string in your API call.

Learn more about the secret scanning REST API
Learn more about private repository scanning with Advanced Security

See more See more

View code scanning alerts across your enterprise (Public Beta)

June 22, 2022

GitHub Advanced Security customers can now see an overview of code scanning alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning, Dependabot and now code scanning alerts. This view is beta and will be followed in the coming weeks with an enterprise level REST API to retrieve code scanning alerts.

Code scanning alerts at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more See more

SendGrid is now a GitHub secret scanning partner

June 20, 2022

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with exposed data.

We have partnered with SendGrid to scan for their access tokens, which allow users to retrieve account information and statistics. We'll forward access tokens found in public repositories to SendGrid. SendGrid will then either suspend the detected token or send it to their fraud team for manual review, depending on the token scope. More information about SendGrid API tokens can be found here.

GitHub Advanced Security customers can also scan for SendGrid's API keys and block them from entering their private and public repositories via secret scanning’s push protection feature.

Learn more about secret scanning
Partner with GitHub on secret scanning

See more See more

View more changes