An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.

GitHub continually updates its detectors for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types. GitHub now automatically detects…

The Actions Runner Controller (ARC) 0.12.0 release introduces several enhancements including: public preview support for Red Hat OpenShift Kubernetes clusters and vault-based secret management, improvements to Docker-in-Docker (DinD) container mode,…

Today, we’re excited to announce the general availability of our new organization and enterprise-level security overview dashboards, alongside enhanced secret scanning metrics and the enablement trends reports. These features are…