CINXE.COM

<!doctype html> <html lang="en-US" class="mt-0"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <link rel="icon" type="image/x-icon" href="https://github.githubassets.com/favicon.ico"> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>  <title>security-and-compliance - GitHub Changelog</title> <link rel="canonical" href="https://github.blog/changelog/label/security-and-compliance/" /> <link rel="next" href="https://github.blog/changelog/label/security-and-compliance/page/2/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="security-and-compliance · GitHub Changelog" /> <meta property="og:url" content="https://github.blog/changelog/label/security-and-compliance/" /> <meta property="og:site_name" content="The GitHub Blog" /> <meta name="twitter:card" content="summary_large_image" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"CollectionPage","@id":"https://github.blog/changelog/label/security-and-compliance/","url":"https://github.blog/changelog/label/security-and-compliance/","name":"security-and-compliance Archives - The GitHub Blog","isPartOf":{"@id":"https://github.blog/#website"},"breadcrumb":{"@id":"https://github.blog/changelog/label/security-and-compliance/#breadcrumb"},"inLanguage":"en-US"},{"@type":"BreadcrumbList","@id":"https://github.blog/changelog/label/security-and-compliance/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://github.blog/"},{"@type":"ListItem","position":2,"name":"security-and-compliance"}]},{"@type":"WebSite","@id":"https://github.blog/#website","url":"https://github.blog/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://github.blog/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}</script>  <link rel='dns-prefetch' href='//ghcc.githubassets.com' /> <link rel='dns-prefetch' href='//js.monitor.azure.com' /> <link rel='dns-prefetch' href='//analytics.githubassets.com' /> <link rel='dns-prefetch' href='//stats.wp.com' /> <link rel='dns-prefetch' href='//v0.wordpress.com' /> <link rel="alternate" type="application/rss+xml" title="The GitHub Blog » Feed" href="https://github.blog/feed/" /> <link rel="alternate" type="application/rss+xml" title="The GitHub Blog » Comments Feed" href="https://github.blog/comments/feed/" /> <link rel="alternate" type="application/rss+xml" title="The GitHub Blog » security-and-compliance Label Feed" href="https://github.blog/changelog/label/security-and-compliance/feed/" /> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/github.blog\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); </script> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='all-css-2' href='https://github.blog/wp-includes/css/dist/block-library/style.min.css?m=1739294329g' type='text/css' media='all' /> <style id='co-authors-plus-coauthors-style-inline-css'> .wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline} </style> <style id='co-authors-plus-avatar-style-inline-css'> .wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto} </style> <style id='co-authors-plus-image-style-inline-css'> .wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto} </style> <style id='safe-svg-svg-icon-style-inline-css'> .safe-svg-cover{text-align:center}.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%} </style> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <style id='classic-theme-styles-inline-css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='all-css-20' href='https://github.blog/_static/??/wp-content/plugins/wp-menu-image/assets/css/wmi-front-style.css,/wp-content/themes/github-2021/dist/css/site-script.css?m=1739996894' type='text/css' media='all' /> <link rel="https://api.w.org/" href="https://github.blog/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://github.blog/wp-json/wp/v2/label/1746" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://github.blog/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.7.2" /> <style>img#wpstats{display:none}</style> <meta name="ha-url" content="https://collector.githubapp.com/github-blog/collect"><link rel="preload" href="https://github.blog/wp-content/themes/github-2021/dist/fonts/mona-sans.woff2" as="font" type="font/woff2" crossorigin="anonymous"><link rel="icon" href="https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32" sizes="32x32" /> <link rel="icon" href="https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=192%2C192" sizes="192x192" /> <link rel="apple-touch-icon" href="https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=180%2C180" /> <meta name="msapplication-TileImage" content="https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=270%2C270" /> </head> <body class="archive tax-changelog-label term-security-and-compliance term-1746 font-mktg hfeed no-sidebar"> <div data-color-mode="dark" data-light-theme="light" data-dark-theme="dark_dimmed" class="pt-header pt-lg-0"> <header id="header" class="header position-fixed position-lg-static pb-lg-header z-4 top-0 left-0 right-0 d-flex flex-column flex-items-stretch color-bg-default"> <a href="#start-of-content" class="p-3 color-bg-accent-emphasis color-fg-on-emphasis show-on-focus"> Skip to content </a> <div class="position-relative container-xl width-full mx-auto p-responsive-blog"> <div class="d-flex flex-items-center flex-justify-between pt-3 pb-3 color-fg-default"> <a href="https://github.com" target="_blank" rel="noreferrer" aria-label="GitHub homepage" class="Header-link position-relative d-flex flex-items-center color-fg-default"> <svg aria-hidden="true" role="presentation" class="nav-back-arrow position-absolute d-block" viewBox="0 0 24 24" width="32" height="32" fill="currentColor"><path fill-rule="evenodd" d="M15.28 5.22a.75.75 0 00-1.06 0l-6.25 6.25a.75.75 0 000 1.06l6.25 6.25a.75.75 0 101.06-1.06L9.56 12l5.72-5.72a.75.75 0 000-1.06z"></path></svg> <svg aria-hidden="true" role="img" class="octicon octicon-mark-github d-block" viewBox="0 0 16 16" width="32" height="32" fill="currentColor"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> </a> <span class="d-inline-block ml-2 f1-mktg f2-md-mktg" style="opacity: 0.3;">/</span> <a class="d-inline-block Header-link font-weight-semibold ml-2 f2 color-fg-default" href="https://github.blog/"> Blog</a> <nav class="d-none d-lg-block" aria-label="Secondary navigation"> <ul id="secondary-navigation" class="secondary-navigation flex-items-center flex-nowrap list-style-none ml-4" aria-hidden="false"><li id="menu-item-78809"><a href="https://github.blog/changelog/" class="position-relative d-flex flex-items-center flex-start no-wrap py-2 px-4 f4 lh-condensed-ultra Link--secondary color-fg-default text-medium">Changelog</a></li> <li id="menu-item-78810"><a href="https://docs.github.com/" class="position-relative d-flex flex-items-center flex-start no-wrap py-2 px-4 f4 lh-condensed-ultra Link--secondary color-fg-default text-medium">Docs<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-down position-absolute right-0 d-block ml-1 mt-1" role="presentation"><path d="M3.75 2h3.5a.75.75 0 0 1 0 1.5h-3.5a.25.25 0 0 0-.25.25v8.5c0 .138.112.25.25.25h8.5a.25.25 0 0 0 .25-.25v-3.5a.75.75 0 0 1 1.5 0v3.5A1.75 1.75 0 0 1 12.25 14h-8.5A1.75 1.75 0 0 1 2 12.25v-8.5C2 2.784 2.784 2 3.75 2Zm6.854-1h4.146a.25.25 0 0 1 .25.25v4.146a.25.25 0 0 1-.427.177L13.03 4.03 9.28 7.78a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042l3.75-3.75-1.543-1.543A.25.25 0 0 1 10.604 1Z"></path></svg></a></li> <li id="menu-item-78811"><a href="https://github.com/customer-stories" class="position-relative d-flex flex-items-center flex-start no-wrap py-2 px-4 f4 lh-condensed-ultra Link--secondary color-fg-default text-medium">Customer stories<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-down position-absolute right-0 d-block ml-1 mt-1" role="presentation"><path d="M3.75 2h3.5a.75.75 0 0 1 0 1.5h-3.5a.25.25 0 0 0-.25.25v8.5c0 .138.112.25.25.25h8.5a.25.25 0 0 0 .25-.25v-3.5a.75.75 0 0 1 1.5 0v3.5A1.75 1.75 0 0 1 12.25 14h-8.5A1.75 1.75 0 0 1 2 12.25v-8.5C2 2.784 2.784 2 3.75 2Zm6.854-1h4.146a.25.25 0 0 1 .25.25v4.146a.25.25 0 0 1-.427.177L13.03 4.03 9.28 7.78a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042l3.75-3.75-1.543-1.543A.25.25 0 0 1 10.604 1Z"></path></svg></a></li> </ul></nav> <div class="d-none d-lg-flex flex-1"> <form id="desktop-search" class="desktop-search position-relative ml-lg-4 flex-1" action="https://github.blog" method="get" aria-hidden="true" aria-label="Search form" role="search"> <div class="position-relative d-flex flex-1 height-full color-bg-transparent" data-color-mode="light" data-light-theme="light" data-dark-theme="dark" > <input aria-label="Search the blog" type="search" class="p-2 pl-3 pr-6 border-0 rounded-2 flex-1" placeholder="Search the blog…" value="" name="s" id="search-input"> <button type="submit" class="position-absolute right-0 z-3 d-flex flex-items-center flex-justify-center flex-self-center mr-2 p-2 border-0 rounded-2 color-bg-transparent color-fg-subtle" aria-label="Search"> <svg viewBox="0 0 16 16" width="20" height="20" class="octicon octicon-search" role="presentation"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> </button> </div> </form> <button aria-label="Toggle search" class="flex-self-center ml-auto p-2 border-0 color-bg-transparent color-fg-default rounded-3 js-toggle" aria-controls="desktop-search" aria-expanded="false" > <svg viewBox="0 0 24 24" width="24" height="24" class="octicon octicon-search" role="presentation"><path d="M10.25 2a8.25 8.25 0 0 1 6.34 13.53l5.69 5.69a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215l-5.69-5.69A8.25 8.25 0 1 1 10.25 2ZM3.5 10.25a6.75 6.75 0 1 0 13.5 0 6.75 6.75 0 0 0-13.5 0Z"></path></svg> <svg viewBox="2 2 20 20" width="24" height="24" class="octicon octicon-x" role="presentation"><path d="M5.72 5.72a.75.75 0 0 1 1.06 0L12 10.94l5.22-5.22a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L13.06 12l5.22 5.22a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L12 13.06l-5.22 5.22a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L10.94 12 5.72 6.78a.75.75 0 0 1 0-1.06Z"></path></svg> </button> <a class="Button Button--size-medium Button--primary ml-3" href="https://github.com/features/copilot?utm_source=topnav&utm_medium=blog&utm_campaign=copilotfree" target="_blank" data-analytics-click="Blog, click on button, text: Use Copilot for free; ref_location:top nav;" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-primary"> Use Copilot for free </span> </span> </a> <a class="Button Button--size-medium Button--secondary ml-3" href="https://github.com/enterprise/contact?ref_cta=contact20sales&ref_loc=banner&ref_page=blog" target="_blank" data-analytics-click="Blog, click on button, text: Contact sales; ref_location:top nav;" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-secondary"> Contact sales </span> </span> </a> </div> <div class="d-flex d-lg-none flex-items-center flex-1 mr-n2"> <button aria-label="Toggle search" class="ml-auto p-2 border-0 color-bg-transparent color-fg-default rounded-3 js-toggle" aria-controls="mobile-search" aria-expanded="false" > <svg viewBox="0 0 24 24" width="24" height="24" class="octicon octicon-search" role="presentation"><path d="M10.25 2a8.25 8.25 0 0 1 6.34 13.53l5.69 5.69a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215l-5.69-5.69A8.25 8.25 0 1 1 10.25 2ZM3.5 10.25a6.75 6.75 0 1 0 13.5 0 6.75 6.75 0 0 0-13.5 0Z"></path></svg> <svg viewBox="2 2 20 20" width="24" height="24" class="octicon octicon-x" role="presentation"><path d="M5.72 5.72a.75.75 0 0 1 1.06 0L12 10.94l5.22-5.22a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L13.06 12l5.22 5.22a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L12 13.06l-5.22 5.22a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L10.94 12 5.72 6.78a.75.75 0 0 1 0-1.06Z"></path></svg> </button> <button aria-label="Toggle menu" class="ml-2 p-2 border-0 color-bg-transparent color-fg-default rounded-3 js-toggle" aria-controls="mobile-menu" aria-expanded="false" data-trap-focus="#header"> <svg viewBox="0 0 16 16" width="24" height="24" class="octicon octicon-three-bars" role="presentation"><path d="M1 2.75A.75.75 0 0 1 1.75 2h12.5a.75.75 0 0 1 0 1.5H1.75A.75.75 0 0 1 1 2.75Zm0 5A.75.75 0 0 1 1.75 7h12.5a.75.75 0 0 1 0 1.5H1.75A.75.75 0 0 1 1 7.75ZM1.75 12h12.5a.75.75 0 0 1 0 1.5H1.75a.75.75 0 0 1 0-1.5Z"></path></svg> <svg viewBox="2 2 20 20" width="24" height="24" class="octicon octicon-x " role="presentation"><path d="M5.72 5.72a.75.75 0 0 1 1.06 0L12 10.94l5.22-5.22a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L13.06 12l5.22 5.22a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L12 13.06l-5.22 5.22a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L10.94 12 5.72 6.78a.75.75 0 0 1 0-1.06Z"></path></svg> </button> </div> </div> </div> <div class="position-relative pb-lg-navigation" data-sticky-navigation=".sticky-navigation"> <nav aria-label="Primary navigation" class="sticky-navigation position-absolute z-4 top-0 left-0 d-none d-lg-block width-full color-border-subtle color-bg-default"> <div class="position-relative container-xl width-full mx-auto p-responsive-blog"> <ul id="primary-navigation" class="primary-navigation position-relative d-flex flex-row flex-nowrap flex-grow-0 flex-justify-between list-style-none"><li id="menu-item-78814"><a href="https://github.blog/ai-and-ml/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78814-dropdown" aria-expanded="false" aria-haspopup="true" role="button">AI & ML<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="AI & ML sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78814-dropdown" tabindex="-1"> <li id="menu-item-78863" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/ai-and-ml/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">AI & ML<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="AI & ML sub-menu"> <li id="menu-item-78815" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/ai-and-ml/generative-ai/" class="d-block f4 color-fg-default text-bold">Generative AI</a><p class="mb-0 f5 color-fg-muted">Learn how to build with generative AI.</p></li> <li id="menu-item-78816" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/ai-and-ml/github-copilot/" class="d-block f4 color-fg-default text-bold">GitHub Copilot</a><p class="mb-0 f5 color-fg-muted">Change how you work with GitHub Copilot.</p></li> <li id="menu-item-78817" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/ai-and-ml/llms/" class="d-block f4 color-fg-default text-bold">LLMs</a><p class="mb-0 f5 color-fg-muted">Everything developers need to know about LLMs.</p></li> <li id="menu-item-78818" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/ai-and-ml/machine-learning/" class="d-block f4 color-fg-default text-bold">Machine learning</a><p class="mb-0 f5 color-fg-muted">Machine learning tips, tricks, and best practices.</p></li> </ul> </li> <li id="menu-item-78864" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" fetchpriority="high" srcset="https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?w=300 300w, https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?w=800 800w, https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?w=400 400w, https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://github.blog/ai-and-ml/generative-ai/how-ai-code-generation-works/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">How AI code generation works</a><p class="mb-3 f5 color-fg-muted">Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78819"><a href="https://github.blog/developer-skills/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78819-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Developer skills<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="Developer skills sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78819-dropdown" tabindex="-1"> <li id="menu-item-78865" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/developer-skills/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">Developer skills<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Resources for developers to grow in their skills and careers.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="Developer skills sub-menu"> <li id="menu-item-78820" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/developer-skills/application-development/" class="d-block f4 color-fg-default text-bold">Application development</a><p class="mb-0 f5 color-fg-muted">Insights and best practices for building apps.</p></li> <li id="menu-item-78821" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/developer-skills/career-growth/" class="d-block f4 color-fg-default text-bold">Career growth</a><p class="mb-0 f5 color-fg-muted">Tips & tricks to grow as a professional developer.</p></li> <li id="menu-item-78822" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/developer-skills/github/" class="d-block f4 color-fg-default text-bold">GitHub</a><p class="mb-0 f5 color-fg-muted">Improve how you use GitHub at work.</p></li> <li id="menu-item-78823" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/developer-skills/github-education/" class="d-block f4 color-fg-default text-bold">GitHub Education</a><p class="mb-0 f5 color-fg-muted">Learn how to move into your first professional role.</p></li> <li id="menu-item-78824" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/developer-skills/programming-languages-and-frameworks/" class="d-block f4 color-fg-default text-bold">Programming languages & frameworks</a><p class="mb-0 f5 color-fg-muted">Stay current on what’s new (or new again).</p></li> </ul> </li> <li id="menu-item-78866" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?w=800 800w, https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?w=400 400w, https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/05/Enterprise-DarkMode-3.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://docs.github.com/en/get-started" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">Get started with GitHub documentation</a><p class="mb-3 f5 color-fg-muted">Learn how to start building, shipping, and maintaining software with GitHub.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78825"><a href="https://github.blog/engineering/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78825-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Engineering<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="Engineering sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78825-dropdown" tabindex="-1"> <li id="menu-item-78867" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/engineering/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">Engineering<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Get an inside look at how we’re building the home for all developers.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="Engineering sub-menu"> <li id="menu-item-78827" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/engineering/architecture-optimization/" class="d-block f4 color-fg-default text-bold">Architecture & optimization</a><p class="mb-0 f5 color-fg-muted">Discover how we deliver a performant and highly available experience across the GitHub platform.</p></li> <li id="menu-item-78828" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/engineering/engineering-principles/" class="d-block f4 color-fg-default text-bold">Engineering principles</a><p class="mb-0 f5 color-fg-muted">Explore best practices for building software at scale with a majority remote team.</p></li> <li id="menu-item-78829" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/engineering/infrastructure/" class="d-block f4 color-fg-default text-bold">Infrastructure</a><p class="mb-0 f5 color-fg-muted">Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.</p></li> <li id="menu-item-78830" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/engineering/platform-security/" class="d-block f4 color-fg-default text-bold">Platform security</a><p class="mb-0 f5 color-fg-muted">Learn how we build security into everything we do across the developer lifecycle.</p></li> <li id="menu-item-78858" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/engineering/user-experience/" class="d-block f4 color-fg-default text-bold">User experience</a><p class="mb-0 f5 color-fg-muted">Find out what goes into making GitHub the home for all developers.</p></li> </ul> </li> <li id="menu-item-78868" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.42.45 AM.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.42.45 AM.png?w=800 800w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.42.45 AM.png?w=400 400w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.42.45 AM.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.42.45 AM.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://github.blog/engineering/how-we-use-github-to-be-more-productive-collaborative-and-secure/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">How we use GitHub to be more productive, collaborative, and secure</a><p class="mb-3 f5 color-fg-muted">Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78832"><a href="https://github.blog/enterprise-software/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78832-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Enterprise software<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="Enterprise software sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78832-dropdown" tabindex="-1"> <li id="menu-item-78869" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/enterprise-software/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">Enterprise software<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Explore how to write, build, and deploy enterprise software at scale.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="Enterprise software sub-menu"> <li id="menu-item-78833" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/enterprise-software/automation/" class="d-block f4 color-fg-default text-bold">Automation</a><p class="mb-0 f5 color-fg-muted">Automating your way to faster and more secure ships.</p></li> <li id="menu-item-78834" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/enterprise-software/ci-cd/" class="d-block f4 color-fg-default text-bold">CI/CD</a><p class="mb-0 f5 color-fg-muted">Guides on continuous integration and delivery.</p></li> <li id="menu-item-78835" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/enterprise-software/collaboration/" class="d-block f4 color-fg-default text-bold">Collaboration</a><p class="mb-0 f5 color-fg-muted">Tips, tools, and tricks to improve developer collaboration.</p></li> <li id="menu-item-78836" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/enterprise-software/devops/" class="d-block f4 color-fg-default text-bold">DevOps</a><p class="mb-0 f5 color-fg-muted">DevOps resources for enterprise engineering teams.</p></li> <li id="menu-item-78837" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/enterprise-software/devsecops/" class="d-block f4 color-fg-default text-bold">DevSecOps</a><p class="mb-0 f5 color-fg-muted">How to integrate security into the SDLC.</p></li> <li id="menu-item-78838" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/enterprise-software/governance-and-compliance/" class="d-block f4 color-fg-default text-bold">Governance & compliance</a><p class="mb-0 f5 color-fg-muted">Ensuring your builds stay clean.</p></li> </ul> </li> <li id="menu-item-78870" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.43.47 AM.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.43.47 AM.png?w=800 800w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.43.47 AM.png?w=400 400w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.43.47 AM.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.43.47 AM.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://resources.github.com/artificial-intelligence/how-enterprise-engineering-teams-can-successfully-adopt-ai/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">How enterprise engineering teams can successfully adopt AI</a><p class="mb-3 f5 color-fg-muted">Learn how to bring AI to your engineering teams and maximize the value that you get from it.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78840"><a href="https://github.blog/news-insights/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78840-dropdown" aria-expanded="false" aria-haspopup="true" role="button">News & insights<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="News & insights sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78840-dropdown" tabindex="-1"> <li id="menu-item-78871" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/news-insights/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">News & insights<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Keep up with what’s new and notable from inside GitHub.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="News & insights sub-menu"> <li id="menu-item-78841" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/news-insights/company-news/" class="d-block f4 color-fg-default text-bold">Company news</a><p class="mb-0 f5 color-fg-muted">An inside look at news and product updates from GitHub.</p></li> <li id="menu-item-78844" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/news-insights/product-news/" class="d-block f4 color-fg-default text-bold">Product</a><p class="mb-0 f5 color-fg-muted">The latest on GitHub’s platform, products, and tools.</p></li> <li id="menu-item-78842" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/news-insights/octoverse/" class="d-block f4 color-fg-default text-bold">Octoverse</a><p class="mb-0 f5 color-fg-muted">Insights into the state of open source on GitHub.</p></li> <li id="menu-item-78843" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/news-insights/policy-news-and-insights/" class="d-block f4 color-fg-default text-bold">Policy</a><p class="mb-0 f5 color-fg-muted">The latest policy and regulatory changes in software.</p></li> <li id="menu-item-78845" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/news-insights/research/" class="d-block f4 color-fg-default text-bold">Research</a><p class="mb-0 f5 color-fg-muted">Data-driven insights around the developer ecosystem.</p></li> <li id="menu-item-78847" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/news-insights/the-library/" class="d-block f4 color-fg-default text-bold">The library</a><p class="mb-0 f5 color-fg-muted">Older news and updates from GitHub.</p></li> </ul> </li> <li id="menu-item-78872" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?w=300 300w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?w=800 800w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?w=400 400w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.44.23 AM.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://github.blog/ai-and-ml/llms/unlocking-the-power-of-unstructured-data-with-rag/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">Unlocking the power of unstructured data with RAG</a><p class="mb-3 f5 color-fg-muted">Learn how to use retrieval-augmented generation (RAG) to capture more insights.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78848"><a href="https://github.blog/open-source/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78848-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Open Source<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="Open Source sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78848-dropdown" tabindex="-1"> <li id="menu-item-78873" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/open-source/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">Open Source<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Everything open source on GitHub.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="Open Source sub-menu"> <li id="menu-item-78851" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/open-source/git/" class="d-block f4 color-fg-default text-bold">Git</a><p class="mb-0 f5 color-fg-muted">The latest Git updates.</p></li> <li id="menu-item-78853" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/open-source/maintainers/" class="d-block f4 color-fg-default text-bold">Maintainers</a><p class="mb-0 f5 color-fg-muted">Spotlighting open source maintainers.</p></li> <li id="menu-item-78854" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/open-source/social-impact/" class="d-block f4 color-fg-default text-bold">Social impact</a><p class="mb-0 f5 color-fg-muted">How open source is driving positive change.</p></li> <li id="menu-item-78850" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/open-source/gaming/" class="d-block f4 color-fg-default text-bold">Gaming</a><p class="mb-0 f5 color-fg-muted">Explore open source games on GitHub.</p></li> </ul> </li> <li id="menu-item-78874" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.46.23 AM.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.46.23 AM.png?w=800 800w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.46.23 AM.png?w=400 400w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.46.23 AM.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.46.23 AM.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://resources.github.com/software-development/innersource/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">An introduction to innersource</a><p class="mb-3 f5 color-fg-muted">Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> <li id="menu-item-78859"><a href="https://github.blog/security/" class="position-relative d-flex flex-items-center flex-start no-wrap py-3 f4-mktg text-bold js-toggle" aria-controls="primary-78859-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Security<svg viewBox="0 0 16 16" width="16" height="16" class="octicon d-block ml-1 mt-1 color-fg-muted" role="presentation"><path d="M12.78 5.22a.749.749 0 0 1 0 1.06l-4.25 4.25a.749.749 0 0 1-1.06 0L3.22 6.28a.749.749 0 1 1 1.06-1.06L8 8.939l3.72-3.719a.749.749 0 0 1 1.06 0Z"></path></svg></a> <ul class="dropdown d-flex flex-wrap width-full position-absolute left-0 list-style-none mt-2 rounded-3 z-3 overflow-hidden color-border-subtle" aria-label="Security sub-menu" aria-hidden="true" data-color-mode="light" data-dark-theme="dark" data-light-theme="light" id="primary-78859-dropdown" tabindex="-1"> <li id="menu-item-78875" class="flex-1 p-5 py-xl-7 px-xl-7"><div class="col-9 mb-4 mb-lg-7"><a href="https://github.blog/security/" class="d-flex flex-items-center flex-start f3 lh-condensed color-fg-default text-bold">Security<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-1 my-0 f4 color-fg-muted">Stay up to date on everything security.</p></div> <ul class="d-flex flex-wrap list-style-none" aria-label="Security sub-menu"> <li id="menu-item-78860" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right"><a href="https://github.blog/security/application-security/" class="d-block f4 color-fg-default text-bold">Application security</a><p class="mb-0 f5 color-fg-muted">Application security, explained.</p></li> <li id="menu-item-78861" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8"><a href="https://github.blog/security/supply-chain-security/" class="d-block f4 color-fg-default text-bold">Supply chain security</a><p class="mb-0 f5 color-fg-muted">Demystifying supply chain security.</p></li> <li id="menu-item-78855" class="col-6 d-block f4 color-fg-default color-border-subtle pr-4 pr-lg-8 border-right pt-2 pt-lg-4"><a href="https://github.blog/security/vulnerability-research/" class="d-block f4 color-fg-default text-bold">Vulnerability research</a><p class="mb-0 f5 color-fg-muted">Updates from the GitHub Security Lab.</p></li> <li id="menu-item-78862" class="col-6 d-block f4 color-fg-default color-border-subtle pl-4 pl-lg-8 pt-2 pt-lg-4"><a href="https://github.blog/security/web-application-security/" class="d-block f4 color-fg-default text-bold">Web application security</a><p class="mb-0 f5 color-fg-muted">Helpful tips on securing web applications.</p></li> </ul> </li> <li id="menu-item-78876" class="p-5 py-xl-7 px-xl-8 col-4 color-bg-subtle card"><div class="d-block position-relative mb-3 rounded-2 tease-thumbnail overflow-hidden"><img width="800" height="425" src="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.47.04 AM.png?resize=800%2C425" class="tease-thumbnail__img d-block width-full height-auto aspect-ratio-1032-548 object-fit-cover" alt="" decoding="async" srcset="https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.47.04 AM.png?w=800 800w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.47.04 AM.png?w=400 400w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.47.04 AM.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/07/Screenshot-2024-07-23-at-8.47.04 AM.png?w=516 516w" sizes="(max-width: 800px) 100vw, 800px" /></div><a href="https://resources.github.com/security/the-enterprise-guide-to-ai-powered-devsecops/" class="d-block mb-2 f3 lh-condensed color-fg-default text-bold card__link">The enterprise guide to AI-powered DevSecOps</a><p class="mb-3 f5 color-fg-muted">Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.</p><span class="Link d-inline-flex flex-items-center" role="presentation">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></span></li> </ul> </li> </ul> </div> </nav> </div> <form id="mobile-search" role="search" method="get" class="mobile-search" action="https://github.blog" aria-hidden="true" aria-label="Search form"> <div class="d-flex flex-1 p-3 color-bg-inset"> <div class="d-flex flex-1 position-relative color-bg-transparent" data-color-mode="light" data-light-theme="light" data-dark-theme="dark" > <svg height="20" class="d-flex position-absolute z-3 octicon height-full ml-2 color-fg-subtle" aria-hidden="true" viewBox="0 0 16 16" version="1.1" width="20" role="img"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg> <input aria-label="Search the blog" type="search" class="pl-6 search-field form-control p-2 flex-1" placeholder="Search the blog…" value="" name="s" id="search-input"> </div> <button class="Button Button--size-medium Button--secondary ml-2" type="submit" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-secondary"> Search </span> </span> </button> </div> </form> <nav id="mobile-menu" class="mobile-menu position-relative overflow-y-auto flex-1 width-full rounded-top-3" aria-label="Navigation menu" aria-hidden="true" data-color-mode="light" data-light-theme="light" data-dark-theme="dark_dimmed"> <div class="p-5"> <h2 class="mb-5 text-bold color-fg-subtle">Categories</h2> <ul id="menu-new-primary-navigation" class="list-style-none"><li class="mb-5"><a href="https://github.blog/ai-and-ml/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78814-dropdown" aria-expanded="false" aria-haspopup="true" role="button">AI & ML<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="AI & ML sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78814-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78814-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/ai-and-ml/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">AI & ML<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/ai-and-ml/generative-ai/" class="text-bold lh-condensed-ultra color-fg-default">Generative AI</a><p class="mb-0 f5 color-fg-muted">Learn how to build with generative AI.</p></li> <li class="mt-4"><a href="https://github.blog/ai-and-ml/github-copilot/" class="text-bold lh-condensed-ultra color-fg-default">GitHub Copilot</a><p class="mb-0 f5 color-fg-muted">Change how you work with GitHub Copilot.</p></li> <li class="mt-4"><a href="https://github.blog/ai-and-ml/llms/" class="text-bold lh-condensed-ultra color-fg-default">LLMs</a><p class="mb-0 f5 color-fg-muted">Everything developers need to know about LLMs.</p></li> <li class="mt-4"><a href="https://github.blog/ai-and-ml/machine-learning/" class="text-bold lh-condensed-ultra color-fg-default">Machine learning</a><p class="mb-0 f5 color-fg-muted">Machine learning tips, tricks, and best practices.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://github.blog/ai-and-ml/generative-ai/how-ai-code-generation-works/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">How AI code generation works</a><p class="mb-3 f5 color-fg-muted">Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.</p><a href="https://github.blog/ai-and-ml/generative-ai/how-ai-code-generation-works/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/developer-skills/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78819-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Developer skills<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="Developer skills sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78819-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78819-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/developer-skills/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Developer skills<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Resources for developers to grow in their skills and careers.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/developer-skills/application-development/" class="text-bold lh-condensed-ultra color-fg-default">Application development</a><p class="mb-0 f5 color-fg-muted">Insights and best practices for building apps.</p></li> <li class="mt-4"><a href="https://github.blog/developer-skills/career-growth/" class="text-bold lh-condensed-ultra color-fg-default">Career growth</a><p class="mb-0 f5 color-fg-muted">Tips & tricks to grow as a professional developer.</p></li> <li class="mt-4"><a href="https://github.blog/developer-skills/github/" class="text-bold lh-condensed-ultra color-fg-default">GitHub</a><p class="mb-0 f5 color-fg-muted">Improve how you use GitHub at work.</p></li> <li class="mt-4"><a href="https://github.blog/developer-skills/github-education/" class="text-bold lh-condensed-ultra color-fg-default">GitHub Education</a><p class="mb-0 f5 color-fg-muted">Learn how to move into your first professional role.</p></li> <li class="mt-4"><a href="https://github.blog/developer-skills/programming-languages-and-frameworks/" class="text-bold lh-condensed-ultra color-fg-default">Programming languages & frameworks</a><p class="mb-0 f5 color-fg-muted">Stay current on what’s new (or new again).</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://docs.github.com/en/get-started" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Get started with GitHub documentation</a><p class="mb-3 f5 color-fg-muted">Learn how to start building, shipping, and maintaining software with GitHub.</p><a href="https://docs.github.com/en/get-started" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/engineering/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78825-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Engineering<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="Engineering sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78825-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78825-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/engineering/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Engineering<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Get an inside look at how we’re building the home for all developers.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/engineering/architecture-optimization/" class="text-bold lh-condensed-ultra color-fg-default">Architecture & optimization</a><p class="mb-0 f5 color-fg-muted">Discover how we deliver a performant and highly available experience across the GitHub platform.</p></li> <li class="mt-4"><a href="https://github.blog/engineering/engineering-principles/" class="text-bold lh-condensed-ultra color-fg-default">Engineering principles</a><p class="mb-0 f5 color-fg-muted">Explore best practices for building software at scale with a majority remote team.</p></li> <li class="mt-4"><a href="https://github.blog/engineering/infrastructure/" class="text-bold lh-condensed-ultra color-fg-default">Infrastructure</a><p class="mb-0 f5 color-fg-muted">Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.</p></li> <li class="mt-4"><a href="https://github.blog/engineering/platform-security/" class="text-bold lh-condensed-ultra color-fg-default">Platform security</a><p class="mb-0 f5 color-fg-muted">Learn how we build security into everything we do across the developer lifecycle.</p></li> <li class="mt-4"><a href="https://github.blog/engineering/user-experience/" class="text-bold lh-condensed-ultra color-fg-default">User experience</a><p class="mb-0 f5 color-fg-muted">Find out what goes into making GitHub the home for all developers.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://github.blog/engineering/how-we-use-github-to-be-more-productive-collaborative-and-secure/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">How we use GitHub to be more productive, collaborative, and secure</a><p class="mb-3 f5 color-fg-muted">Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.</p><a href="https://github.blog/engineering/how-we-use-github-to-be-more-productive-collaborative-and-secure/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/enterprise-software/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78832-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Enterprise software<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="Enterprise software sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78832-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78832-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/enterprise-software/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Enterprise software<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Explore how to write, build, and deploy enterprise software at scale.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/enterprise-software/automation/" class="text-bold lh-condensed-ultra color-fg-default">Automation</a><p class="mb-0 f5 color-fg-muted">Automating your way to faster and more secure ships.</p></li> <li class="mt-4"><a href="https://github.blog/enterprise-software/ci-cd/" class="text-bold lh-condensed-ultra color-fg-default">CI/CD</a><p class="mb-0 f5 color-fg-muted">Guides on continuous integration and delivery.</p></li> <li class="mt-4"><a href="https://github.blog/enterprise-software/collaboration/" class="text-bold lh-condensed-ultra color-fg-default">Collaboration</a><p class="mb-0 f5 color-fg-muted">Tips, tools, and tricks to improve developer collaboration.</p></li> <li class="mt-4"><a href="https://github.blog/enterprise-software/devops/" class="text-bold lh-condensed-ultra color-fg-default">DevOps</a><p class="mb-0 f5 color-fg-muted">DevOps resources for enterprise engineering teams.</p></li> <li class="mt-4"><a href="https://github.blog/enterprise-software/devsecops/" class="text-bold lh-condensed-ultra color-fg-default">DevSecOps</a><p class="mb-0 f5 color-fg-muted">How to integrate security into the SDLC.</p></li> <li class="mt-4"><a href="https://github.blog/enterprise-software/governance-and-compliance/" class="text-bold lh-condensed-ultra color-fg-default">Governance & compliance</a><p class="mb-0 f5 color-fg-muted">Ensuring your builds stay clean.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://resources.github.com/artificial-intelligence/how-enterprise-engineering-teams-can-successfully-adopt-ai/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">How enterprise engineering teams can successfully adopt AI</a><p class="mb-3 f5 color-fg-muted">Learn how to bring AI to your engineering teams and maximize the value that you get from it.</p><a href="https://resources.github.com/artificial-intelligence/how-enterprise-engineering-teams-can-successfully-adopt-ai/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/news-insights/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78840-dropdown" aria-expanded="false" aria-haspopup="true" role="button">News & insights<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="News & insights sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78840-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78840-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/news-insights/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">News & insights<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Keep up with what’s new and notable from inside GitHub.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/news-insights/company-news/" class="text-bold lh-condensed-ultra color-fg-default">Company news</a><p class="mb-0 f5 color-fg-muted">An inside look at news and product updates from GitHub.</p></li> <li class="mt-4"><a href="https://github.blog/news-insights/product-news/" class="text-bold lh-condensed-ultra color-fg-default">Product</a><p class="mb-0 f5 color-fg-muted">The latest on GitHub’s platform, products, and tools.</p></li> <li class="mt-4"><a href="https://github.blog/news-insights/octoverse/" class="text-bold lh-condensed-ultra color-fg-default">Octoverse</a><p class="mb-0 f5 color-fg-muted">Insights into the state of open source on GitHub.</p></li> <li class="mt-4"><a href="https://github.blog/news-insights/policy-news-and-insights/" class="text-bold lh-condensed-ultra color-fg-default">Policy</a><p class="mb-0 f5 color-fg-muted">The latest policy and regulatory changes in software.</p></li> <li class="mt-4"><a href="https://github.blog/news-insights/research/" class="text-bold lh-condensed-ultra color-fg-default">Research</a><p class="mb-0 f5 color-fg-muted">Data-driven insights around the developer ecosystem.</p></li> <li class="mt-4"><a href="https://github.blog/news-insights/the-library/" class="text-bold lh-condensed-ultra color-fg-default">The library</a><p class="mb-0 f5 color-fg-muted">Older news and updates from GitHub.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://github.blog/ai-and-ml/llms/unlocking-the-power-of-unstructured-data-with-rag/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Unlocking the power of unstructured data with RAG</a><p class="mb-3 f5 color-fg-muted">Learn how to use retrieval-augmented generation (RAG) to capture more insights.</p><a href="https://github.blog/ai-and-ml/llms/unlocking-the-power-of-unstructured-data-with-rag/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/open-source/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78848-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Open Source<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="Open Source sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78848-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78848-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/open-source/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Open Source<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Everything open source on GitHub.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/open-source/git/" class="text-bold lh-condensed-ultra color-fg-default">Git</a><p class="mb-0 f5 color-fg-muted">The latest Git updates.</p></li> <li class="mt-4"><a href="https://github.blog/open-source/maintainers/" class="text-bold lh-condensed-ultra color-fg-default">Maintainers</a><p class="mb-0 f5 color-fg-muted">Spotlighting open source maintainers.</p></li> <li class="mt-4"><a href="https://github.blog/open-source/social-impact/" class="text-bold lh-condensed-ultra color-fg-default">Social impact</a><p class="mb-0 f5 color-fg-muted">How open source is driving positive change.</p></li> <li class="mt-4"><a href="https://github.blog/open-source/gaming/" class="text-bold lh-condensed-ultra color-fg-default">Gaming</a><p class="mb-0 f5 color-fg-muted">Explore open source games on GitHub.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://resources.github.com/software-development/innersource/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">An introduction to innersource</a><p class="mb-3 f5 color-fg-muted">Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.</p><a href="https://resources.github.com/software-development/innersource/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> <li class="mb-5"><a href="https://github.blog/security/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default js-toggle" aria-controls="primary-mobile-78859-dropdown" aria-expanded="false" aria-haspopup="true" role="button">Security<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right d-block mt-1 color-fg-subtle" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a> <ul aria-hidden="true" aria-label="Security sub-menu" class="dropdown overflow-y-auto position-absolute top-0 left-0 right-0 bottom-0 flex-wrap p-5 list-style-none rounded-3 z-3 color-bg-default color-border-subtle" id="primary-mobile-78859-dropdown"> <li class="mb-5"><div class="mb-4"><button type="button" class="d-flex flex-items-center mb-4 p-0 border-0 text-semibold color-bg-transparent color-fg-subtle" aria-controls="primary-mobile-78859-dropdown" aria-expanded="true"><svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-left mr-1"><path d="M9.78 12.78a.75.75 0 0 1-1.06 0L4.47 8.53a.75.75 0 0 1 0-1.06l4.25-4.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042L6.06 8l3.72 3.72a.75.75 0 0 1 0 1.06Z"></path></svg>Back</button><a href="https://github.blog/security/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">Security<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-chevron-right ml-1 mt-1" role="presentation"><path d="M6.22 3.22a.75.75 0 0 1 1.06 0l4.25 4.25a.75.75 0 0 1 0 1.06l-4.25 4.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042L9.94 8 6.22 4.28a.75.75 0 0 1 0-1.06Z"></path></svg></a><p class="mt-2 mb-0 color-fg-muted">Stay up to date on everything security.</p></div> <ul class="border-top list-style-none"> <li class="mt-4"><a href="https://github.blog/security/application-security/" class="text-bold lh-condensed-ultra color-fg-default">Application security</a><p class="mb-0 f5 color-fg-muted">Application security, explained.</p></li> <li class="mt-4"><a href="https://github.blog/security/supply-chain-security/" class="text-bold lh-condensed-ultra color-fg-default">Supply chain security</a><p class="mb-0 f5 color-fg-muted">Demystifying supply chain security.</p></li> <li class="mt-4"><a href="https://github.blog/security/vulnerability-research/" class="text-bold lh-condensed-ultra color-fg-default">Vulnerability research</a><p class="mb-0 f5 color-fg-muted">Updates from the GitHub Security Lab.</p></li> <li class="mt-4"><a href="https://github.blog/security/web-application-security/" class="text-bold lh-condensed-ultra color-fg-default">Web application security</a><p class="mb-0 f5 color-fg-muted">Helpful tips on securing web applications.</p></li> </ul> </li> <li class="d-none"><div class="mb-4"><a href="https://resources.github.com/security/the-enterprise-guide-to-ai-powered-devsecops/" class="d-flex flex-items-center flex-justify-start lh-condensed-ultra text-bold color-fg-default">The enterprise guide to AI-powered DevSecOps</a><p class="mb-3 f5 color-fg-muted">Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.</p><a href="https://resources.github.com/security/the-enterprise-guide-to-ai-powered-devsecops/" target="" class="Link d-inline-flex flex-items-center">Learn more<svg xmlns="http://www.w3.org/2000/svg" class="octicon d-block ml-1 mt-1" viewBox="0 0 12 12" width="12" height="12"><path d="M4.7 10c-.2 0-.4-.1-.5-.2-.3-.3-.3-.8 0-1.1L6.9 6 4.2 3.3c-.3-.3-.3-.8 0-1.1.3-.3.8-.3 1.1 0l3.3 3.2c.3.3.3.8 0 1.1L5.3 9.7c-.2.2-.4.3-.6.3Z"></path></svg></a></div></li> </ul> </li> </ul><ul id="menu-secondary-navigation" class="pt-5 border-top list-style-none"><li class="mb-5"><a href="https://github.blog/changelog/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default">Changelog</a></li> <li class="mb-5"><a href="https://docs.github.com/" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default">Docs<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-link-external d-block mt-1 color-fg-subtle" role="presentation"><path d="M3.75 2h3.5a.75.75 0 0 1 0 1.5h-3.5a.25.25 0 0 0-.25.25v8.5c0 .138.112.25.25.25h8.5a.25.25 0 0 0 .25-.25v-3.5a.75.75 0 0 1 1.5 0v3.5A1.75 1.75 0 0 1 12.25 14h-8.5A1.75 1.75 0 0 1 2 12.25v-8.5C2 2.784 2.784 2 3.75 2Zm6.854-1h4.146a.25.25 0 0 1 .25.25v4.146a.25.25 0 0 1-.427.177L13.03 4.03 9.28 7.78a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042l3.75-3.75-1.543-1.543A.25.25 0 0 1 10.604 1Z"></path></svg></a></li> <li class="mb-5"><a href="https://github.com/customer-stories" class="d-flex flex-items-center flex-justify-between lh-condensed-ultra text-bold color-fg-default">Customer stories<svg viewBox="0 0 16 16" width="16" height="16" class="octicon octicon-link-external d-block mt-1 color-fg-subtle" role="presentation"><path d="M3.75 2h3.5a.75.75 0 0 1 0 1.5h-3.5a.25.25 0 0 0-.25.25v8.5c0 .138.112.25.25.25h8.5a.25.25 0 0 0 .25-.25v-3.5a.75.75 0 0 1 1.5 0v3.5A1.75 1.75 0 0 1 12.25 14h-8.5A1.75 1.75 0 0 1 2 12.25v-8.5C2 2.784 2.784 2 3.75 2Zm6.854-1h4.146a.25.25 0 0 1 .25.25v4.146a.25.25 0 0 1-.427.177L13.03 4.03 9.28 7.78a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042l3.75-3.75-1.543-1.543A.25.25 0 0 1 10.604 1Z"></path></svg></a></li> </ul> <a class="Button Button--size-medium Button--secondary Button--block my-3" href="https://github.com/enterprise/contact?ref_cta=contact20sales&ref_loc=banner&ref_page=blog" target="_blank" data-analytics-click="Blog, click on button, text: Contact sales; ref_location:top nav;" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-secondary"> Contact sales </span> </span> </a> <a class="Button Button--size-medium Button--primary Button--block" href="https://github.com/features/copilot?utm_source=topnav&utm_medium=blog&utm_campaign=copilotfree" target="_blank" data-analytics-click="Blog, click on button, text: Use Copilot for free; ref_location:top nav;" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-primary"> Use Copilot for free </span> </span> </a> </div> </nav> </header> </div> <main id="start-of-content"> <div class="gh-changelog-archive-hero d-flex flex-md-items-center position-relative overflow-hidden"> <div class="position-absolute width-full height-full top-0 right-0 events-none"> <img width="1600" height="356" class="object-fit-cover d-none d-md-block width-full height-full" alt="" aria-hidden="true" srcset="https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-desktop.jpg, https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-desktop@2x.jpg 2x" src="https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-desktop.jpg" /> <img width="943" height="514" class="object-fit-cover d-block d-md-none float-left width-fit height-full" alt="" aria-hidden="true" srcset="https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-mobile.jpg, https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-mobile@2x.jpg 2x" src="https://github.blog/wp-content/themes/github-2021/assets/img/backgrounds/changelog-hero-bg-mobile.jpg" /> </div> <div class="container-xl mx-auto p-responsive-blog width-full position-relative z-1"> <div class="d-flex flex-wrap flex-md-items-center gutter-spacious"> <div class="col-12 col-md-6"> <h1 class="h3-mktg m-0 text-capitalize" style="overflow-wrap: normal;">security-and-compliance</h1> <p class="f3-mktg col-9-max mt-3 mt-md-4 mb-8 mb-md-0">Subscribe to all <span class="text-capitalize">“security-and-compliance”</span> posts via <a class="cl-label-hero__text_link cl-label-hero__text_link_rss" href="https://github.blog/changelog/label/security-and-compliance/feed/">RSS</a> or follow GitHub Changelog on <a class="cl-label-hero__text_link cl-label-hero__text_link_twitter" href="https://twitter.com/ghchangelog">Twitter</a> to stay updated on everything we ship.</p> </div> <div class="col-12 col-md-6"> <div class="changelog-terminal rounded-2 overflow-hidden position-md-relative top-md-8 float-md-right mx-auto mx-md-0 d-flex flex-column"> <div class="gh-terminal-handlebar"> <span class="gh-terminal-handlebar-buttons d-flex flex-row"></span> </div> <div class="gh-terminal-content terminal-mktg text-mono color-bg-default height-full p-3 p-md-4 js-type-in build-in-animate" data-type-delay="80" data-type-row-delay="400" data-color-mode="dark" data-light-theme="light" data-dark-theme="dark"> <div class="js-type-row"> <strong class="code-pink">→</strong> <strong class="color-fg-success">~</strong> <span class="js-type-letters">cd github-changelog</span> </div> <div class="js-type-row"> <strong class="code-pink">→</strong> <strong class="color-fg-success">~/github-changelog|<span class="color-fg-done">main</span></strong> <span class="js-type-letters">git log main</span> </div> <div class="js-type-row"> <span>showing all changes successfully</span> </div> </div> </div> </div> </div> </div> </div> <div class="py-4 border-bottom color-border-subtle" style="border-bottom-color: #EAEEF2 !important;"> <div class="container-xl mx-auto p-responsive-blog"> <form id="changelog-category-select" action="" method="get" class="gh-select-wrap d-inline-block position-relative"> <button type="button" class="gh-select js-changelog-category-dropdown-toggle position-relative" aria-expanded="false" aria-controls="changelog-categories"> security-and-compliance <svg class="octicon octicon-triangle-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path d="M4.427 7.427l3.396 3.396a.25.25 0 00.354 0l3.396-3.396A.25.25 0 0011.396 7H4.604a.25.25 0 00-.177.427z" fill="currentColor"></path></svg> </button> <select class="gh-select-fallback js-changelog-category-dropdown-fallback" onchange="const clgform = document.getElementById('changelog-category-select'); clgform.action = this.value; clgform.submit();"> <option value="https://github.blog/changelog">All categories</option> <option value="https://github.blog/changelog/label/2fa/">2fa</option> <option value="https://github.blog/changelog/label/accessibility/">accessibility</option> <option value="https://github.blog/changelog/label/actions/">actions</option> <option value="https://github.blog/changelog/label/actions-importer/">actions-importer</option> <option value="https://github.blog/changelog/label/admin/">admin</option> <option value="https://github.blog/changelog/label/advanced-security/">advanced-security</option> <option value="https://github.blog/changelog/label/advisory-database/">advisory-database</option> <option value="https://github.blog/changelog/label/api/">api</option> <option value="https://github.blog/changelog/label/apps/">apps</option> <option value="https://github.blog/changelog/label/audit-log/">audit-log</option> <option value="https://github.blog/changelog/label/authentication/">authentication</option> <option value="https://github.blog/changelog/label/billing/">billing</option> <option value="https://github.blog/changelog/label/branches/">branches</option> <option value="https://github.blog/changelog/label/branchprotections/">branchprotections</option> <option value="https://github.blog/changelog/label/brownout/">brownout</option> <option value="https://github.blog/changelog/label/cache/">cache</option> <option value="https://github.blog/changelog/label/chatops/">chatops</option> <option value="https://github.blog/changelog/label/cli/">cli</option> <option value="https://github.blog/changelog/label/closing-down/">closing-down</option> <option value="https://github.blog/changelog/label/code/">code</option> <option value="https://github.blog/changelog/label/code-navigation/">code-navigation</option> <option value="https://github.blog/changelog/label/code-scanning/">code-scanning</option> <option value="https://github.blog/changelog/label/codeql/">codeql</option> <option value="https://github.blog/changelog/label/codesearch/">codesearch</option> <option value="https://github.blog/changelog/label/codespaces/">codespaces</option> <option value="https://github.blog/changelog/label/comments/">comments</option> <option value="https://github.blog/changelog/label/commits/">commits</option> <option value="https://github.blog/changelog/label/community/">community</option> <option value="https://github.blog/changelog/label/compliance/">compliance</option> <option value="https://github.blog/changelog/label/containers/">containers</option> <option value="https://github.blog/changelog/label/copilot/">copilot</option> <option value="https://github.blog/changelog/label/copilot-business/">copilot-business</option> <option value="https://github.blog/changelog/label/copilot-chat/">copilot-chat</option> <option value="https://github.blog/changelog/label/copilot-enterprise/">copilot-enterprise</option> <option value="https://github.blog/changelog/label/dark-mode/">dark-mode</option> <option value="https://github.blog/changelog/label/dependabot/">dependabot</option> <option value="https://github.blog/changelog/label/dependency-graph/">dependency-graph</option> <option value="https://github.blog/changelog/label/deployments/">deployments</option> <option value="https://github.blog/changelog/label/desktop/">desktop</option> <option value="https://github.blog/changelog/label/discussions/">discussions</option> <option value="https://github.blog/changelog/label/docs/">docs</option> <option value="https://github.blog/changelog/label/education/">education</option> <option value="https://github.blog/changelog/label/enterprise/">enterprise</option> <option value="https://github.blog/changelog/label/features/">features</option> <option value="https://github.blog/changelog/label/feed/">feed</option> <option value="https://github.blog/changelog/label/forks/">forks</option> <option value="https://github.blog/changelog/label/ghec/">ghec</option> <option value="https://github.blog/changelog/label/gists/">gists</option> <option value="https://github.blog/changelog/label/git/">git</option> <option value="https://github.blog/changelog/label/innersource/">innersource</option> <option value="https://github.blog/changelog/label/insights/">insights</option> <option value="https://github.blog/changelog/label/issues/">issues</option> <option value="https://github.blog/changelog/label/licensing/">licensing</option> <option value="https://github.blog/changelog/label/markdown/">markdown</option> <option value="https://github.blog/changelog/label/merge-queue/">merge-queue</option> <option value="https://github.blog/changelog/label/metrics/">metrics</option> <option value="https://github.blog/changelog/label/microsoft-teams-2/">microsoft-teams</option> <option value="https://github.blog/changelog/label/migrations/">migrations</option> <option value="https://github.blog/changelog/label/mobile/">mobile</option> <option value="https://github.blog/changelog/label/models/">models</option> <option value="https://github.blog/changelog/label/moderation/">moderation</option> <option value="https://github.blog/changelog/label/navigation/">navigation</option> <option value="https://github.blog/changelog/label/notifications/">notifications</option> <option value="https://github.blog/changelog/label/npm/">npm</option> <option value="https://github.blog/changelog/label/oidc/">oidc</option> <option value="https://github.blog/changelog/label/open-source/">open-source</option> <option value="https://github.blog/changelog/label/organizations/">organizations</option> <option value="https://github.blog/changelog/label/packages/">packages</option> <option value="https://github.blog/changelog/label/pages/">pages</option> <option value="https://github.blog/changelog/label/payments/">payments</option> <option value="https://github.blog/changelog/label/policies/">policies</option> <option value="https://github.blog/changelog/label/product/">product</option> <option value="https://github.blog/changelog/label/profile/">profile</option> <option value="https://github.blog/changelog/label/projects/">projects</option> <option value="https://github.blog/changelog/label/public-preview/">public-preview</option> <option value="https://github.blog/changelog/label/pull-requests/">pull-requests</option> <option value="https://github.blog/changelog/label/releases/">releases</option> <option value="https://github.blog/changelog/label/repos/">repos</option> <option value="https://github.blog/changelog/label/repositories/">repositories</option> <option value="https://github.blog/changelog/label/rules/">rules</option> <option value="https://github.blog/changelog/label/runners/">runners</option> <option value="https://github.blog/changelog/label/search/">search</option> <option value="https://github.blog/changelog/label/secret-scanning/">secret-scanning</option> <option value="https://github.blog/changelog/label/security/">security</option> <option value="https://github.blog/changelog/label/security-and-compliance/" selected>security-and-compliance</option> <option value="https://github.blog/changelog/label/security-overview/">security-overview</option> <option value="https://github.blog/changelog/label/slack/">slack</option> <option value="https://github.blog/changelog/label/sponsors/">sponsors</option> <option value="https://github.blog/changelog/label/ssh/">ssh</option> <option value="https://github.blog/changelog/label/sunset/">sunset</option> <option value="https://github.blog/changelog/label/supply-chain/">supply-chain</option> <option value="https://github.blog/changelog/label/support/">support</option> <option value="https://github.blog/changelog/label/themes/">themes</option> <option value="https://github.blog/changelog/label/ui/">ui</option> <option value="https://github.blog/changelog/label/upload/">upload</option> <option value="https://github.blog/changelog/label/user-management/">user-management</option> <option value="https://github.blog/changelog/label/ux/">ux</option> <option value="https://github.blog/changelog/label/vs-code/">vs-code</option> <option value="https://github.blog/changelog/label/webhooks/">webhooks</option> <option value="https://github.blog/changelog/label/wikis/">wikis</option> <option value="https://github.blog/changelog/label/workflows/">workflows</option> </select> <nav id="changelog-categories" class="js-changelog-category-dropdown position-absolute mt-12px rounded-2 color-bg-default box-shadow-card-border-mktg pl-4 pr-3 py-3 z-3" style="text-transform: capitalize;" hidden> <div class="changelog-category-dropdown-content styled-scrollbar"> <a href="https://github.blog/changelog" class="d-block text-semibold Link--primary mb-12px mr-4">All categories</a> <a href="https://github.blog/changelog/label/2fa/" class="d-block text-semibold Link--primary mb-12px mr-4">2fa</a> <a href="https://github.blog/changelog/label/accessibility/" class="d-block text-semibold Link--primary mb-12px mr-4">accessibility</a> <a href="https://github.blog/changelog/label/actions/" class="d-block text-semibold Link--primary mb-12px mr-4">actions</a> <a href="https://github.blog/changelog/label/actions-importer/" class="d-block text-semibold Link--primary mb-12px mr-4">actions-importer</a> <a href="https://github.blog/changelog/label/admin/" class="d-block text-semibold Link--primary mb-12px mr-4">admin</a> <a href="https://github.blog/changelog/label/advanced-security/" class="d-block text-semibold Link--primary mb-12px mr-4">advanced-security</a> <a href="https://github.blog/changelog/label/advisory-database/" class="d-block text-semibold Link--primary mb-12px mr-4">advisory-database</a> <a href="https://github.blog/changelog/label/api/" class="d-block text-semibold Link--primary mb-12px mr-4">api</a> <a href="https://github.blog/changelog/label/apps/" class="d-block text-semibold Link--primary mb-12px mr-4">apps</a> <a href="https://github.blog/changelog/label/audit-log/" class="d-block text-semibold Link--primary mb-12px mr-4">audit-log</a> <a href="https://github.blog/changelog/label/authentication/" class="d-block text-semibold Link--primary mb-12px mr-4">authentication</a> <a href="https://github.blog/changelog/label/billing/" class="d-block text-semibold Link--primary mb-12px mr-4">billing</a> <a href="https://github.blog/changelog/label/branches/" class="d-block text-semibold Link--primary mb-12px mr-4">branches</a> <a href="https://github.blog/changelog/label/branchprotections/" class="d-block text-semibold Link--primary mb-12px mr-4">branchprotections</a> <a href="https://github.blog/changelog/label/brownout/" class="d-block text-semibold Link--primary mb-12px mr-4">brownout</a> <a href="https://github.blog/changelog/label/cache/" class="d-block text-semibold Link--primary mb-12px mr-4">cache</a> <a href="https://github.blog/changelog/label/chatops/" class="d-block text-semibold Link--primary mb-12px mr-4">chatops</a> <a href="https://github.blog/changelog/label/cli/" class="d-block text-semibold Link--primary mb-12px mr-4">cli</a> <a href="https://github.blog/changelog/label/closing-down/" class="d-block text-semibold Link--primary mb-12px mr-4">closing-down</a> <a href="https://github.blog/changelog/label/code/" class="d-block text-semibold Link--primary mb-12px mr-4">code</a> <a href="https://github.blog/changelog/label/code-navigation/" class="d-block text-semibold Link--primary mb-12px mr-4">code-navigation</a> <a href="https://github.blog/changelog/label/code-scanning/" class="d-block text-semibold Link--primary mb-12px mr-4">code-scanning</a> <a href="https://github.blog/changelog/label/codeql/" class="d-block text-semibold Link--primary mb-12px mr-4">codeql</a> <a href="https://github.blog/changelog/label/codesearch/" class="d-block text-semibold Link--primary mb-12px mr-4">codesearch</a> <a href="https://github.blog/changelog/label/codespaces/" class="d-block text-semibold Link--primary mb-12px mr-4">codespaces</a> <a href="https://github.blog/changelog/label/comments/" class="d-block text-semibold Link--primary mb-12px mr-4">comments</a> <a href="https://github.blog/changelog/label/commits/" class="d-block text-semibold Link--primary mb-12px mr-4">commits</a> <a href="https://github.blog/changelog/label/community/" class="d-block text-semibold Link--primary mb-12px mr-4">community</a> <a href="https://github.blog/changelog/label/compliance/" class="d-block text-semibold Link--primary mb-12px mr-4">compliance</a> <a href="https://github.blog/changelog/label/containers/" class="d-block text-semibold Link--primary mb-12px mr-4">containers</a> <a href="https://github.blog/changelog/label/copilot/" class="d-block text-semibold Link--primary mb-12px mr-4">copilot</a> <a href="https://github.blog/changelog/label/copilot-business/" class="d-block text-semibold Link--primary mb-12px mr-4">copilot-business</a> <a href="https://github.blog/changelog/label/copilot-chat/" class="d-block text-semibold Link--primary mb-12px mr-4">copilot-chat</a> <a href="https://github.blog/changelog/label/copilot-enterprise/" class="d-block text-semibold Link--primary mb-12px mr-4">copilot-enterprise</a> <a href="https://github.blog/changelog/label/dark-mode/" class="d-block text-semibold Link--primary mb-12px mr-4">dark-mode</a> <a href="https://github.blog/changelog/label/dependabot/" class="d-block text-semibold Link--primary mb-12px mr-4">dependabot</a> <a href="https://github.blog/changelog/label/dependency-graph/" class="d-block text-semibold Link--primary mb-12px mr-4">dependency-graph</a> <a href="https://github.blog/changelog/label/deployments/" class="d-block text-semibold Link--primary mb-12px mr-4">deployments</a> <a href="https://github.blog/changelog/label/desktop/" class="d-block text-semibold Link--primary mb-12px mr-4">desktop</a> <a href="https://github.blog/changelog/label/discussions/" class="d-block text-semibold Link--primary mb-12px mr-4">discussions</a> <a href="https://github.blog/changelog/label/docs/" class="d-block text-semibold Link--primary mb-12px mr-4">docs</a> <a href="https://github.blog/changelog/label/education/" class="d-block text-semibold Link--primary mb-12px mr-4">education</a> <a href="https://github.blog/changelog/label/enterprise/" class="d-block text-semibold Link--primary mb-12px mr-4">enterprise</a> <a href="https://github.blog/changelog/label/features/" class="d-block text-semibold Link--primary mb-12px mr-4">features</a> <a href="https://github.blog/changelog/label/feed/" class="d-block text-semibold Link--primary mb-12px mr-4">feed</a> <a href="https://github.blog/changelog/label/forks/" class="d-block text-semibold Link--primary mb-12px mr-4">forks</a> <a href="https://github.blog/changelog/label/ghec/" class="d-block text-semibold Link--primary mb-12px mr-4">ghec</a> <a href="https://github.blog/changelog/label/gists/" class="d-block text-semibold Link--primary mb-12px mr-4">gists</a> <a href="https://github.blog/changelog/label/git/" class="d-block text-semibold Link--primary mb-12px mr-4">git</a> <a href="https://github.blog/changelog/label/innersource/" class="d-block text-semibold Link--primary mb-12px mr-4">innersource</a> <a href="https://github.blog/changelog/label/insights/" class="d-block text-semibold Link--primary mb-12px mr-4">insights</a> <a href="https://github.blog/changelog/label/issues/" class="d-block text-semibold Link--primary mb-12px mr-4">issues</a> <a href="https://github.blog/changelog/label/licensing/" class="d-block text-semibold Link--primary mb-12px mr-4">licensing</a> <a href="https://github.blog/changelog/label/markdown/" class="d-block text-semibold Link--primary mb-12px mr-4">markdown</a> <a href="https://github.blog/changelog/label/merge-queue/" class="d-block text-semibold Link--primary mb-12px mr-4">merge-queue</a> <a href="https://github.blog/changelog/label/metrics/" class="d-block text-semibold Link--primary mb-12px mr-4">metrics</a> <a href="https://github.blog/changelog/label/microsoft-teams-2/" class="d-block text-semibold Link--primary mb-12px mr-4">microsoft-teams</a> <a href="https://github.blog/changelog/label/migrations/" class="d-block text-semibold Link--primary mb-12px mr-4">migrations</a> <a href="https://github.blog/changelog/label/mobile/" class="d-block text-semibold Link--primary mb-12px mr-4">mobile</a> <a href="https://github.blog/changelog/label/models/" class="d-block text-semibold Link--primary mb-12px mr-4">models</a> <a href="https://github.blog/changelog/label/moderation/" class="d-block text-semibold Link--primary mb-12px mr-4">moderation</a> <a href="https://github.blog/changelog/label/navigation/" class="d-block text-semibold Link--primary mb-12px mr-4">navigation</a> <a href="https://github.blog/changelog/label/notifications/" class="d-block text-semibold Link--primary mb-12px mr-4">notifications</a> <a href="https://github.blog/changelog/label/npm/" class="d-block text-semibold Link--primary mb-12px mr-4">npm</a> <a href="https://github.blog/changelog/label/oidc/" class="d-block text-semibold Link--primary mb-12px mr-4">oidc</a> <a href="https://github.blog/changelog/label/open-source/" class="d-block text-semibold Link--primary mb-12px mr-4">open-source</a> <a href="https://github.blog/changelog/label/organizations/" class="d-block text-semibold Link--primary mb-12px mr-4">organizations</a> <a href="https://github.blog/changelog/label/packages/" class="d-block text-semibold Link--primary mb-12px mr-4">packages</a> <a href="https://github.blog/changelog/label/pages/" class="d-block text-semibold Link--primary mb-12px mr-4">pages</a> <a href="https://github.blog/changelog/label/payments/" class="d-block text-semibold Link--primary mb-12px mr-4">payments</a> <a href="https://github.blog/changelog/label/policies/" class="d-block text-semibold Link--primary mb-12px mr-4">policies</a> <a href="https://github.blog/changelog/label/product/" class="d-block text-semibold Link--primary mb-12px mr-4">product</a> <a href="https://github.blog/changelog/label/profile/" class="d-block text-semibold Link--primary mb-12px mr-4">profile</a> <a href="https://github.blog/changelog/label/projects/" class="d-block text-semibold Link--primary mb-12px mr-4">projects</a> <a href="https://github.blog/changelog/label/public-preview/" class="d-block text-semibold Link--primary mb-12px mr-4">public-preview</a> <a href="https://github.blog/changelog/label/pull-requests/" class="d-block text-semibold Link--primary mb-12px mr-4">pull-requests</a> <a href="https://github.blog/changelog/label/releases/" class="d-block text-semibold Link--primary mb-12px mr-4">releases</a> <a href="https://github.blog/changelog/label/repos/" class="d-block text-semibold Link--primary mb-12px mr-4">repos</a> <a href="https://github.blog/changelog/label/repositories/" class="d-block text-semibold Link--primary mb-12px mr-4">repositories</a> <a href="https://github.blog/changelog/label/rules/" class="d-block text-semibold Link--primary mb-12px mr-4">rules</a> <a href="https://github.blog/changelog/label/runners/" class="d-block text-semibold Link--primary mb-12px mr-4">runners</a> <a href="https://github.blog/changelog/label/search/" class="d-block text-semibold Link--primary mb-12px mr-4">search</a> <a href="https://github.blog/changelog/label/secret-scanning/" class="d-block text-semibold Link--primary mb-12px mr-4">secret-scanning</a> <a href="https://github.blog/changelog/label/security/" class="d-block text-semibold Link--primary mb-12px mr-4">security</a> <a href="https://github.blog/changelog/label/security-and-compliance/" class="d-block text-semibold Link--primary mb-12px mr-4 text-gradient-purple-coral">security-and-compliance</a> <a href="https://github.blog/changelog/label/security-overview/" class="d-block text-semibold Link--primary mb-12px mr-4">security-overview</a> <a href="https://github.blog/changelog/label/slack/" class="d-block text-semibold Link--primary mb-12px mr-4">slack</a> <a href="https://github.blog/changelog/label/sponsors/" class="d-block text-semibold Link--primary mb-12px mr-4">sponsors</a> <a href="https://github.blog/changelog/label/ssh/" class="d-block text-semibold Link--primary mb-12px mr-4">ssh</a> <a href="https://github.blog/changelog/label/sunset/" class="d-block text-semibold Link--primary mb-12px mr-4">sunset</a> <a href="https://github.blog/changelog/label/supply-chain/" class="d-block text-semibold Link--primary mb-12px mr-4">supply-chain</a> <a href="https://github.blog/changelog/label/support/" class="d-block text-semibold Link--primary mb-12px mr-4">support</a> <a href="https://github.blog/changelog/label/themes/" class="d-block text-semibold Link--primary mb-12px mr-4">themes</a> <a href="https://github.blog/changelog/label/ui/" class="d-block text-semibold Link--primary mb-12px mr-4">ui</a> <a href="https://github.blog/changelog/label/upload/" class="d-block text-semibold Link--primary mb-12px mr-4">upload</a> <a href="https://github.blog/changelog/label/user-management/" class="d-block text-semibold Link--primary mb-12px mr-4">user-management</a> <a href="https://github.blog/changelog/label/ux/" class="d-block text-semibold Link--primary mb-12px mr-4">ux</a> <a href="https://github.blog/changelog/label/vs-code/" class="d-block text-semibold Link--primary mb-12px mr-4">vs-code</a> <a href="https://github.blog/changelog/label/webhooks/" class="d-block text-semibold Link--primary mb-12px mr-4">webhooks</a> <a href="https://github.blog/changelog/label/wikis/" class="d-block text-semibold Link--primary mb-12px mr-4">wikis</a> <a href="https://github.blog/changelog/label/workflows/" class="d-block text-semibold Link--primary mb-12px mr-4">workflows</a> </div> </nav> </form> </div> </div> <div class="js-ajax-root mt-md-7 mb-9 mb-md-12"> <div class="container-xl mx-auto p-responsive-blog js-ajax-landing"> <article id="changelog-82690" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82690 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-dependabot changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available" rel="bookmark">Dependabot helps users focus on the most important alerts by including EPSS scores that indicate likelihood of exploitation, now generally available</a></h2> <time datetime="2025-02-19" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 19, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/dependabot/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">dependabot</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82690" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>Dependabot alerts now feature the Exploit Prediction Scoring System (EPSS) from the global Forum of Incident Response and Security Teams (FIRST), helping you better assess vulnerability risks.</p> <p>EPSS scores predict the likelihood of a vulnerability being exploited, with scores ranging from 0 to 1 (0 to 100%). Higher scores mean higher risk. We also show the EPSS score percentile, indicating how a vulnerability compares to others.</p> <p>For example, a 90.534% EPSS score at the 95th percentile means:</p> <ul> <li>90.534% chance of exploitation in the next 30 days</li> <li>95% of other vulnerabilities are less likely to be exploited</li> </ul> <p>You can use EPSS scores to help prioritize dependency vulnerabilities based on exploit likelihood.</p> <p>This feature is available on GitHub.com today, and will be available in GitHub Enterprise Server staring with version 3.17.</p> <p>Learn more in <a href="https://www.first.org/epss/user-guide">FIRST’s EPSS User Guide</a>.<br> Join the discussion within <a href="https://github.com/orgs/community/discussions/categories/announcements">GitHub Community</a>.<br> Read more about viewing, sorting, and filtering Dependabot alerts in <a href="https://docs.github.com/en/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts">GitHub’s Dependabot docs</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82690"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82632" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82632 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-secret-scanning changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-14-secret-scanning-detects-base64-encoded-github-tokens" rel="bookmark">Secret scanning detects Base64-encoded GitHub tokens</a></h2> <time datetime="2025-02-14" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 14, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/secret-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">secret-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82632" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>GitHub continually updates its detectors for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.</p> <p>GitHub now automatically detects Base64-encoded secrets for the following token types:</p> <ul> <li>GitHub personal access tokens</li> <li>GitHub OAuth access tokens</li> <li>GitHub user to server tokens</li> <li>GitHub server to server tokens.</li> </ul> <p>GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. See the full list of supported secrets in the documentation.</p> <p><a href="https://docs.github.com/github/administering-a-repository/about-secret-scanning">Learn more about secret scanning</a> or <a href="https://github.com/orgs/community/discussions/categories/code-security">join the discussion</a> on our dedicated GitHub community.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-02-14-secret-scanning-detects-base64-encoded-github-tokens" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82632"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-14-secret-scanning-detects-base64-encoded-github-tokens" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82600" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82600 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-dependabot changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-13-dependabot-version-updates-now-support-the-bun-package-manager-ga" rel="bookmark">Dependabot version updates now support the bun package manager – [GA]</a></h2> <time datetime="2025-02-13" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 13, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/dependabot/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">dependabot</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82600" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>Developers can now use Dependabot to keep their <code>bun</code> dependencies up to date automatically. For projects that use <code>bun</code> as a package manager, Dependabot Version Updates can now ensure dependencies stay current with the latest releases.</p> <p>Support for <code>bun</code> security updates will be added in the future.</p> <ul> <li><a href="https://github.com/dependabot/dependabot-core/issues/6528">Engage with the Dependabot open source community on the topic of <code>bun</code> support</a></li> <li><a href="https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates">Learn more about Dependabot version updates</a> </li> <li><a href="https://bun.sh/package-manager">Learn more about <code>bun</code></a></li> </ul> </body></html> </div> <a href="https://github.blog/changelog/2025-02-13-dependabot-version-updates-now-support-the-bun-package-manager-ga" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82600"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-13-dependabot-version-updates-now-support-the-bun-package-manager-ga" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82566" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82566 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-12-codeql-performance-and-coverage-improvements-in-recent-releases" rel="bookmark">CodeQL performance and coverage improvements in recent releases</a></h2> <time datetime="2025-02-12" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 12, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82566" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>CodeQL is the static analysis engine behind <a href="https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql">GitHub code scanning</a>, which finds and remediates security issues in your code. The CodeQL engine has become faster, covers 28 more security queries, supports more ecosystems, and can now scan <a href="https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview">GitHub Actions (public preview)</a>—among various other bug fixes and small improvements.</p> <p>All of these improvements were automatically rolled out to code scanning users in the past few months. For users of the CodeQL CLI, here are some highlights of the past few CodeQL releases:</p> <ul> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.4/">CodeQL 2.20.4</a></strong> – <em>6 February 2025</em> <ul> <li>Analysis support for GitHub Actions workflow files is now in public preview, and therefore the use of the <code>actions</code> language (for analysis of GitHub Actions workflows) no longer requires the <code>CODEQL_ENABLE_EXPERIMENTAL_FEATURES</code> environment variable to be set.</li> <li>All experimental queries for C#, Java, and Kotlin have been migrated to the default query suite in the <a href="https://github.com/GitHubSecurityLab/CodeQL-Community-Packs">CodeQL community packs</a> that are managed by GitHub Security Lab.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.3/">CodeQL 2.20.3</a></strong> – <em>24 January 2025</em> <ul> <li>Resolves a security vulnerability where CodeQL databases or logs produced by the CodeQL CLI may contain the environment variables from the time of database creation. This includes any secrets stored in an environment variables. For more information, see the <a href="https://github.com/github/codeql-cli-binaries/security/advisories/GHSA-gqh3-9prg-j95m">CodeQL CLI security advisory</a>.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.2/">CodeQL 2.20.2</a></strong> – <em>22 January 2025</em> <ul> <li>All data flow queries have been standardized on a single data flow library, which may result in differences for JavaScript and TypeScript analysis.</li> <li>CodeQL databases now take 2-3x less space on disk, which makes them faster to transfer and read/manipulate. This is thanks to a new compressed database format.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.1/">CodeQL 2.20.1</a></strong> – <em>9 January 2025</em> <ul> <li>CodeQL is now easier to set up and roll out: automatic build command detection with automatic dependency installation for C/C++ is now supported on Ubuntu 24.04.</li> <li>A new Server Side Template Injection query for Python has been released, thanks to a <a href="https://github.com/github/codeql/pull/3396">community contribution</a>.</li> <li>Swift 6.0.2 is <a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.1/#swift">now supported</a>.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.19.4/">CodeQL 2.19.4</a></strong> – <em>2 December 2024</em> <ul> <li>Analysis coverage improvement: the <a href="https://bottlepy.org/docs/dev/"><code>bottle</code> web framework</a> for Python is now supported.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.19.3/">CodeQL 2.19.3</a></strong> – <em>7 November 2024</em> <ul> <li>Analysis for .NET 8 and JDK 17 has been improved.</li> <li>The CodeQL Bundle is now available as an artifact that is compressed using <a href="https://en.wikipedia.org/wiki/Zstd">Zstandard</a>. This artifact is smaller and faster to decompress than the original, gzip-compressed bundle. The <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.19.3">CodeQL bundle</a> is a tar archive containing tools, scripts, and various CodeQL-specific files.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.19.2/">CodeQL 2.19.2</a></strong> – <em>21 October 2024</em> <ul> <li>Analysis of Python apps now has significantly faster extraction and analysis times.</li> </ul> </li> <li><strong><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.19.1/">CodeQL 2.19.1</a></strong> – <em>4 October 2024</em> <ul> <li>Java 23 is now supported.</li> <li>A new command, <code>codeql resolve packs</code>, shows each step in the pack search process, including what packs were found in each step.</li> </ul> </li> </ul> <p><a href="https://codeql.github.com/docs/codeql-overview/codeql-changelog/">Detailed changelogs</a> for every CodeQL release are available in the CodeQL documentation, and new CodeQL releases occur roughly every two weeks.</p> <p>For GitHub Enterprise Server customers: All new functionality from CodeQL releases 2.19.0 through 2.20.3 will be included in GHES 3.16 and the latest patch versions of 3.12-3.15. Functionality from 2.20.3 and later 2.20.X versions will be included in 3.17. If you use an older version of GHES, you can <a href="https://docs.github.com/en/enterprise-server@3.14/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">manually upgrade your CodeQL version</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-02-12-codeql-performance-and-coverage-improvements-in-recent-releases" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82566"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-12-codeql-performance-and-coverage-improvements-in-recent-releases" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82451" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82451 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-closing-down changelog-label-dependabot changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-05-dependabot-no-longer-supports-python-3-8" rel="bookmark">Dependabot no longer supports Python 3.8</a></h2> <time datetime="2025-02-05" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 5, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/closing-down/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">closing-down</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/dependabot/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">dependabot</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82451" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>As of February 5, 2025, Dependabot no longer supports Python 3.8, which has reached its end-of-life. If you continue to use Python 3.8, Dependabot will not be able to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Python. As of February 2025, Python 3.13 is the newest supported release.</p> <p>View <a href="https://devguide.python.org/versions/">Python’s official documentation</a> for more information about supported releases.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-02-05-dependabot-no-longer-supports-python-3-8" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82451"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-05-dependabot-no-longer-supports-python-3-8" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82436" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82436 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-dependabot changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-02-04-dependabot-now-supports-pnpm-workspace-catalogs-ga" rel="bookmark">Dependabot now supports pnpm workspace catalogs (GA)</a></h2> <time datetime="2025-02-04" class="d-block f5-mktg text-medium color-fg-muted mt-14px">February 4, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/dependabot/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">dependabot</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82436" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>Starting today, Dependabot offers full support for <code>pnpm</code> workspace catalogs.</p> <p><code>pnpm</code> workspace catalogs are widely used in monorepos, and improper dependency handling can lead to:</p> <ul> <li> Broken dependency trees due to unintended modifications.</li> <li> Install failures in CI environments due to lockfile mismatches. </li> <li> `NoChangeErrors` when workspaces conflict with each other.</li> </ul> <p>Starting today, Dependabot fully supports <code>pnpm</code> workspace catalogs. This means that Dependabot now:</p> <ul> <li> Ensures safe, scoped updates for each workspace.</li> <li> Prevents lockfile inconsistencies that break dependency resolution.</li> <li> Improves the reliability of updates in `pnpm` monorepos.</li> </ul> <p><a href="https://docs.github.com/en/code-security/dependabot">Learn more about Dependabot</a><br> <a href="https://pnpm.io/catalogs">Learn more about <code>pnpm</code> catalogs</a><br> Join the <a href="https://github.com/orgs/community/discussions/150782">community discussion</a> to share feedback and tips</p> </body></html> </div> <a href="https://github.blog/changelog/2025-02-04-dependabot-now-supports-pnpm-workspace-catalogs-ga" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82436"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-02-04-dependabot-now-supports-pnpm-workspace-catalogs-ga" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82388" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82388 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-enterprise changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-01-31-edit-and-validate-copilot-autofix-suggestions-with-copilot-workspace" rel="bookmark">Edit and validate Copilot Autofix suggestions with Copilot Workspace</a></h2> <time datetime="2025-01-31" class="d-block f5-mktg text-medium color-fg-muted mt-14px">January 31, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/enterprise/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">enterprise</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82388" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>Copilot Autofix suggestions for code scanning alerts can now be edited and validated using <a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request">Copilot Workspace for pull requests.</a></p> <p class="has-image"><img decoding="async" width="1200" alt="Copilot Workspace for Copilot Autofix for code scanning" src="https://github.com/user-attachments/assets/a6837f73-4428-408b-859e-e849e6cdeaab" loading="lazy"></p> <p>With this, GitHub Advanced Security users can:</p> <ul> <li>Review and integrate Copilot Autofix suggestions within the context of the pull request, benefiting from an improved diff-viewing experience.</li> <li>Refine and address code scanning alerts directly within the pull request, utilizing an enhanced code editing experience.</li> <li>Build, test, and run proposed changes in the pull request without impacting your personal build and test environment.</li> </ul> <p>All GitHub Advanced Security users can use this feature in private repositories on GitHub.com. A Copilot license is not required.</p> <p>To learn more about code scanning alerts and Copilot Autofix, see <a href="https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning">About Copilot Autofix for CodeQL code scanning</a>. If you have feedback regarding Copilot Autofix for code scanning, please <a href="https://github.com/orgs/community/discussions/111094">join the discussion here</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-01-31-edit-and-validate-copilot-autofix-suggestions-with-copilot-workspace" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82388"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-01-31-edit-and-validate-copilot-autofix-suggestions-with-copilot-workspace" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82370" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82370 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-copilot changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-01-31-recent-improvements-to-security-campaigns-with-copilot-autofix-public-preview" rel="bookmark">Recent improvements to security campaigns with Copilot Autofix (public preview)</a></h2> <time datetime="2025-01-31" class="d-block f5-mktg text-medium color-fg-muted mt-14px">January 31, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/copilot/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">copilot</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82370" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>We’re releasing various improvements to security campaigns to help security teams and developers collaborate more effectively to resolve security debt with the help of Copilot Autofix.</p> <p>Security campaigns with Copilot Autofix were released in <a href="https://github.blog/changelog/2024-10-29-security-campaigns-with-copilot-autofix-are-now-in-public-preview/">public preview</a> at GitHub Universe.</p> <p>Available as part of GitHub Advanced Security, security campaigns help you rapidly reduce your backlog of application security debt. With security campaigns, you can make sure your developers focus on the most important security alerts across your portfolio. Copilot Autofix also automatically generates contextual explanations and suggests fixes for alerts in a campaign.</p> <p>Today we are announcing multiple improvements based on the customer feedback we have received during the security campaigns public preview:</p> <ul> <li> The repository limit for security campaigns has increased from 100 to 1000, making it easier to create campaigns from more of your critical repositories. </li> <li> Multiple users or teams can now be specified as campaign managers, giving application security teams greater flexibility in assigning responsibility for monitoring campaign progress and collaborating with developers on fixing alerts.</li> <li> We’ve added a new contact link field in the security campaigns user interface to facilitate better communication between security teams and developers during campaigns. </li> <li> Email notifications are now consolidated when security campaigns are created or closed. Developers watching multiple repositories included in the same campaign will receive a single email including details of all relevant repositories rather than one email per repository.</li> <li>Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. </li> </ul> <p>For more information about security campaigns, see <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns">About security campaigns</a> in the GitHub documentation. If you have any feedback on security campaigns, join <a href="https://github.com/orgs/community/discussions/142424">the discussion in the GitHub Community</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-01-31-recent-improvements-to-security-campaigns-with-copilot-autofix-public-preview" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82370"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-01-31-recent-improvements-to-security-campaigns-with-copilot-autofix-public-preview" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-82145" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-82145 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-01-21-code-scanning-caches-dependencies-for-java-go-c" rel="bookmark">Code scanning caches dependencies for Java, Go & C#</a></h2> <time datetime="2025-01-21" class="d-block f5-mktg text-medium color-fg-muted mt-14px">January 21, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-82145" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>GitHub Code Scanning powered by CodeQL now supports dependency caching for Java, Go, and C# projects. This feature ensures that scans can deliver meaningful results even if registries are temporarily unavailable, while also reducing overall scanning time after the cache is established.</p> <p><strong>Dependency Caching Availability: </strong></p> <ul> <li><strong><a href="https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup">Default Setup</a>:</strong> For repositories using GitHub-hosted runners, dependency caching is automatically enabled for both public and private repositories during scans.</li> <li><strong><a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#enabling-dependency-caching-for-codeql">Advanced Setup</a>:</strong> Users with custom configurations can manually enable dependency caching as needed.</li> </ul> <p>This is now available on <a href="github.com">github.com</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-01-21-code-scanning-caches-dependencies-for-java-go-c" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-82145"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-01-21-code-scanning-caches-dependencies-for-java-go-c" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81998" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81998 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-enterprise changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated" rel="bookmark">Code scanning: CodeQL Action v2 is now retired</a></h2> <time datetime="2025-01-10" class="d-block f5-mktg text-medium color-fg-muted mt-14px">January 10, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/enterprise/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">enterprise</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81998" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be retired at the same time as GitHub Enterprise Server (GHES) 3.11. This retirement period has elapsed and CodeQL Action v2 is now discontinued. It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break. New CodeQL analysis capabilities will only be available to users of v3.</p> <p>For more information about this retirement, please see <a href="https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/">the original retirement announcement from January 2024</a>.</p> <h2 id="how-does-this-affect-me">How does this affect me?<a href="#how-does-this-affect-me" class="heading-link pl-2 text-italic text-bold" aria-label="How does this affect me?"></a></h2> <h3 id="default-setup">Default setup<a href="#default-setup" class="heading-link pl-2 text-italic text-bold" aria-label="Default setup"></a></h3> <p>Users of <a href="https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning">code scanning default setup</a> do not need to take any action in order to automatically move to CodeQL Action v3.</p> <h3 id="advanced-setup">Advanced setup<a href="#advanced-setup" class="heading-link pl-2 text-italic text-bold" aria-label="Advanced setup"></a></h3> <p>Users of <a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning">code scanning advanced setup</a> need to change their workflow files in order to start using CodeQL Action v3.</p> <h4 id="users-of-github-com-and-github-enterprise-server-3-12-and-newer">Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)<a href="#users-of-github-com-and-github-enterprise-server-3-12-and-newer" class="heading-link pl-2 text-italic text-bold" aria-label="Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)"></a></h4> <p>All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:</p> <ul> <li>GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)</li> <li>GitHub Enterprise Server (GHES) 3.12 (and newer)</li> </ul> <p>Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new <code>v3</code> version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with <code>v3</code> of the CodeQL Action included.</p> <h4 id="users-of-github-enterprise-server-3-11-and-older">Users of GitHub Enterprise Server 3.11 (and older)<a href="#users-of-github-enterprise-server-3-11-and-older" class="heading-link pl-2 text-italic text-bold" aria-label="Users of GitHub Enterprise Server 3.11 (and older)"></a></h4> <p>GitHub Enterprise Server 3.11 (and older) is now <a href="https://docs.github.com/en/enterprise-server@3.15/admin/all-releases#releases-of-github-enterprise-server">retired</a>. For more information on using the CodeQL Action on a retired GitHub Enterprise Server version, refer to the relevant sections of the <a href="https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311">CodeQL Action v2 retirement announcement</a>.</p> <h2 id="exactly-what-do-i-need-to-change">Exactly what do I need to change?<a href="#exactly-what-do-i-need-to-change" class="heading-link pl-2 text-italic text-bold" aria-label="Exactly what do I need to change?"></a></h2> <p>To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the <code>.github</code> directory of your repository and look for references to:</p> <ul> <li><code>github/codeql-action/init@v2</code></li> <li><code>github/codeql-action/autobuild@v2</code></li> <li><code>github/codeql-action/analyze@v2</code></li> <li><code>github/codeql-action/upload-sarif@v2</code></li> </ul> <p>These entries need to be replaced with their <code>v3</code> equivalents:</p> <ul> <li><code>github/codeql-action/init@v3</code></li> <li><code>github/codeql-action/autobuild@v3</code></li> <li><code>github/codeql-action/analyze@v3</code></li> <li><code>github/codeql-action/upload-sarif@v3</code></li> </ul> <h2 id="can-i-use-dependabot-to-help-me-with-this-upgrade">Can I use Dependabot to help me with this upgrade?<a href="#can-i-use-dependabot-to-help-me-with-this-upgrade" class="heading-link pl-2 text-italic text-bold" aria-label="Can I use Dependabot to help me with this upgrade?"></a></h2> <p>Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, <a href="https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot">please see this page</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81998"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81971" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81971 changelog type-changelog status-publish hentry changelog-label-secret-scanning changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2025-01-09-secret-scanning-expands-default-pattern-support" rel="bookmark">Secret scanning expands default pattern support</a></h2> <time datetime="2025-01-09" class="d-block f5-mktg text-medium color-fg-muted mt-14px">January 9, 2025</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/secret-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">secret-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81971" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.</p> <p>The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets <a href="https://docs.github.com/en/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets">in the documentation</a>.</p> <div class="content-table-wrap"><table> <thead> <tr> <th>Provider</th> <th>Token</th> <th>Partner</th> <th>User</th> <th>Push protection</th> </tr> </thead> <tbody> <tr> <td>Anthropic</td> <td>anthropic_admin_api_key</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Asaas</td> <td>asaas_api_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Asana</td> <td>asana_legacy_format_personal_access_token</td> <td> ✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Azure</td> <td>azure_openai_key</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Azure</td> <td>microsoft_azure_common_annotated_security_key</td> <td>✓</td> <td></td> <td></td> </tr> <tr> <td>Azure</td> <td>microsoft_azure_entra_id_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Cfx.re</td> <td>cfxre_server_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Cockroach Labs</td> <td>ccdb_api_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Coveo</td> <td>coveo_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Databento</td> <td>databento_api_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Datastax</td> <td>datastax_astracs_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Google</td> <td>google_cloud_service_account_credentials</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Google</td> <td>google_gcp_api_key_bound_service_account</td> <td>✓</td> <td>✓  </td> <td></td> </tr> <tr> <td>Hubspot</td> <td>hubspot_private_apps_user_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Hubspot</td> <td>hubspot_smtp_credential</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Hugging Face</td> <td>hf_user_access_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Iterative</td> <td>iterative_dvc_studio_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Lichess</td> <td>lichess_personal_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Lichess</td> <td>lichess_oauth_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>MongoDB</td> <td>mongodb_atlas_db_uri_with_credentials</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Netflix</td> <td>netflix_netkey</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>OpenRouter</td> <td>openrouter_api_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Oracle</td> <td>oracle_api_key</td> <td>✓</td> <td></td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_authorization_code</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_client_registration_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_client_secret</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_personal_access_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Polar</td> <td>polar_refresh_token</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Replicate</td> <td>replicate_api_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Scalr</td> <td>scalr_api_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Sentry</td> <td>sentry_org_auth_token</td> <td></td> <td>✓</td> <td></td> </tr> <tr> <td>Sentry</td> <td>sentry_user_auth_token</td> <td></td> <td>✓</td> <td></td> </tr> <tr> <td>Sentry</td> <td>sentry_user_app_auth_token</td> <td></td> <td>✓</td> <td></td> </tr> <tr> <td>Sentry</td> <td>sentry_integration_token</td> <td></td> <td>✓</td> <td></td> </tr> <tr> <td>Shopee</td> <td>shopee_open_platform_partner_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Siemens</td> <td>siemens_api_token</td> <td>✓</td> <td>✓</td> <td>✓</td> </tr> <tr> <td>Sindri</td> <td>sindri_api_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> <tr> <td>Tailscale</td> <td>tailscale_api_key</td> <td>✓</td> <td>✓</td> <td></td> </tr> </tbody> </table></div> <p>The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.</p> <div class="content-table-wrap"><table> <thead> <tr> <th>Provider</th> <th>Token</th> </tr> </thead> <tbody> <tr> <td>Contentful</td> <td>contentful_personal_access_token</td> </tr> <tr> <td>GitLab</td> <td>gitlab_access_token</td> </tr> <tr> <td>Ionic</td> <td>ionic_refresh_token</td> </tr> <tr> <td>Orbit</td> <td>orbit_api_token</td> </tr> <tr> <td>PyPI</td> <td>pypi_api_token</td> </tr> <tr> <td>Thunderstore</td> <td>thunderstore_io_api_token</td> </tr> <tr> <td>Yandex</td> <td>yandex_cloud_iam_access_secret</td> </tr> </tbody> </table></div> <p>Learn more about <a href="https://docs.github.com/en/code-security/secret-scanning/introduction/about-secret-scanning">securing your repositories with secret scanning</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2025-01-09-secret-scanning-expands-default-pattern-support" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81971"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2025-01-09-secret-scanning-expands-default-pattern-support" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81778" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81778 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-secret-scanning changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2024-12-20-audit-log-and-webhook-events-for-secret-scan-completions" rel="bookmark">Audit log and webhook events for secret scan completions</a></h2> <time datetime="2024-12-20" class="d-block f5-mktg text-medium color-fg-muted mt-14px">December 20, 2024</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/secret-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">secret-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81778" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>To enhance auditing and troubleshooting, we’ve introduced new <a href="https://docs.github.com/en/enterprise-cloud@latest/webhooks/webhook-events-and-payloads#secret_scanning_scan">webhook</a> and <a href="https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#secret_scanning_scan">audit log</a> events to track the completion of certain secret backfill scans on repositories.</p> <p>The events specify the type of backfill scan completed (e.g., Git backfill or issues backfill) and the secret types scanned, including custom patterns. Note that secrets detected through Copilot Secret Scanning are not included.</p> <p>Backfill scans cover the entire repository and occur when secret scanning is enabled or patterns are updated. These events do not include information on incremental scans, which focus on new content pushed to a repository.</p> <p>A repository must have a GitHub Advanced Security license to access these events.</p> <p>Learn more about how to <a href="https://docs.github.com/en/code-security/secret-scanning/introduction/about-secret-scanning">secure your repositories with secret scanning</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2024-12-20-audit-log-and-webhook-events-for-secret-scan-completions" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81778"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2024-12-20-audit-log-and-webhook-events-for-secret-scan-completions" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81724" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81724 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-security changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2024-12-18-organization-private-registry-configuration-for-java-and-c-codeql-scans" rel="bookmark">Organization Private Registry Configuration for Java and C# CodeQL Scans</a></h2> <time datetime="2024-12-18" class="d-block f5-mktg text-medium color-fg-muted mt-14px">December 18, 2024</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81724" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>CodeQL <code>build-mode: none</code> scans can now access private dependencies stored in private registries (e.g. Artifactory) for Java and C# projects. This makes your scans more comprehensive, ensuring you receive all important alerts regardless of where your dependencies are stored.</p> <p>Previously, <code>build-mode: none</code> code scans with the default setup were unable to fetch code for dependent packages stored in private registries, which could result in incomplete analysis. Now, organization administrators can <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries">configure access credentials</a> for private registries at the organization level. This enhancement allows CodeQL scans in child repositories to retrieve all necessary dependencies, enabling comprehensive code analysis when using the code scanning default setup.</p> <p>This feature is currently in public preview for GitHub Advanced Security customers.</p> <ul> <li><a href="https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql">Learn more about CodeQL.</a></li> <li><a href="https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup">Learn more about code scanning default setup.</a></li> <li><a href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql">Learn more about code scanning <code>build-mode: none</code>.</a></li> </ul> </body></html> </div> <a href="https://github.blog/changelog/2024-12-18-organization-private-registry-configuration-for-java-and-c-codeql-scans" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81724"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2024-12-18-organization-private-registry-configuration-for-java-and-c-codeql-scans" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81700" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81700 changelog type-changelog status-publish hentry changelog-label-advanced-security changelog-label-secret-scanning changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2024-12-17-improved-filtering-for-secret-scanning-alerts" rel="bookmark">Improved filtering for secret scanning alerts</a></h2> <time datetime="2024-12-17" class="d-block f5-mktg text-medium color-fg-muted mt-14px">December 17, 2024</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/secret-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">secret-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81700" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>You can now more easily filter secret scanning alerts, with new filter options and advanced filtering.</p> <ul> <li>Enterprise and organization level list views now include a new menu with commonly used and suggested filter options, like bypassed secrets, publicly leaked secrets, and those with enterprise duplicates. The repository level list view now supports a new “advanced filtering” menu.</li> <li>The experimental toggle has been removed from the alert list header UI, but you can still access it from the sidebar navigation menu and with the <code>results:experimental</code> filter.</li> <li>Public leak and multi-repository indicators are fully supported across list views, including alert list views and the <a href="https://docs.github.com/en/enterprise-cloud@latest/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28">REST API</a>. In the UI, in addition to menu options, you can access these filters with <code>is:multi-repository</code> and <code>is:publicly-leaked</code>. These indicators are also included in <a href="https://docs.github.com/en/enterprise-cloud@latest/webhooks/webhook-events-and-payloads#secret_scanning_alert">webhook</a> and <a href="https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#secret_scanning_alert">audit log event</a> payloads for secret scanning alerts.</li> </ul> <h3 id="what-are-public-leak-and-multi-repo-labels">What are public leak and multi-repo labels?<a href="#what-are-public-leak-and-multi-repo-labels" class="heading-link pl-2 text-italic text-bold" aria-label="What are public leak and multi-repo labels?"></a></h3> <p>To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a <code>public leak</code> label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a <code>multi-repository</code> label.</p> <p>These labels provide additional understanding into the distribution of an exposed secret, while also making it easier to assess an alert’s risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is only currently supported for <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#default-patterns">provider-based patterns</a>.</p> <p>The <code>multi-repository</code> label makes it easier to de-duplicate alerts and is supported for all secret types, including <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning">custom patterns</a>. You can only view and navigate to other enterprise repositories with duplicate alerts if you have appropriate permissions to view them.</p> <p>Both indicators currently apply only for newly created alerts.</p> <h3 id="learn-more">Learn more<a href="#learn-more" class="heading-link pl-2 text-italic text-bold" aria-label="Learn more"></a></h3> <p>Learn more about <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#reviewing-alert-labels">reviewing alert labels</a> and how to <a href="https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning">secure your repositories with secret scanning</a>. Let us know what you think by participating in our <a href="https://github.com/orgs/community/discussions/141497">GitHub community discussion</a> or signing up for a <a href="https://github.com/orgs/community/discussions/141497#:~:text=60%20minute%20feedback%20session">60 minute feedback session</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2024-12-17-improved-filtering-for-secret-scanning-alerts" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81700"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2024-12-17-improved-filtering-for-secret-scanning-alerts" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> <article id="changelog-81697" class="d-flex gutter-spacious flex-wrap position-relative changelog-line js-ajax-fetchable post-81697 changelog type-changelog status-publish hentry changelog-label-actions changelog-label-advanced-security changelog-label-code-scanning changelog-label-codeql changelog-label-security-and-compliance"> <div class="pb-4 pt-5 pt-md-7 col-12 col-md-5 position-relative"> <div class="changelog-single-details position-sticky top-12"> <svg class="octicon octicon-commit position-absolute left-0 color-bg-default color-fg-muted" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="28" height="28"><path fill-rule="evenodd" d="M15.5 11.75a3.5 3.5 0 11-7 0 3.5 3.5 0 017 0zm1.444-.75a5.001 5.001 0 00-9.888 0H2.75a.75.75 0 100 1.5h4.306a5.001 5.001 0 009.888 0h4.306a.75.75 0 100-1.5h-4.306z" fill="currentColor"></path></svg> <h2 class="h5-mktg"><a class="Link--primary" href="https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview" rel="bookmark">Find and fix Actions workflows vulnerabilities with CodeQL (Public Preview)</a></h2> <time datetime="2024-12-17" class="d-block f5-mktg text-medium color-fg-muted mt-14px">December 17, 2024</time> <ul class="d-inline-block list-style-none post-hero__categories mt-2"><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/actions/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">actions</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/advanced-security/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">advanced-security</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/code-scanning/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">code-scanning</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/codeql/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">codeql</a></li><li class="d-inline-block mr-2 mt-2"><a href="https://github.blog/changelog/label/security-and-compliance/" class="f5-mktg pill-label text-gradient-purple-coral text-bold">security-and-compliance</a></li></ul> </div> </div> <div class="col-12 col-md-7"> <div class="pb-5 pt-0 py-md-7 changelog-single-content-wrap border-bottom"> <div id="changelog-single-content-81697" class="post__content changelog-single-content js-show-all-target"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><p>You can now enable code scanning in your GitHub Actions workflow files. By opting-in to this feature, you can enhance the security of repositories using GitHub Actions.</p> <p>Actions analysis support includes a set of CodeQL queries developed by the <a href="https://securitylab.github.com/">GitHub Security Lab</a> to capture common misconfigurations of workflow files that can lead to security vulnerabilities. You can now easily run these queries as part of Code Scanning’s default or advanced setup and use Copilot Autofix to get remediation suggestions on your findings.</p> <p>You can opt-in to the public preview by selecting the “GitHub Actions” language via code scanning default setup, or by adding the <code>actions</code> language to your existing advanced setup. New repositories onboarding to default setup after today will start analyzing Actions workflows right away. Existing repositories will not be automatically opted-in as part of the public preview.</p> <p>Learn more about <a href="https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning">configuring default setup for code scanning</a>, <a href="https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions">securing your use of Actions</a>, and <a href="https://securitylab.github.com/codeql-wall-of-fame/">vulnerabilities identified with CodeQL</a>.</p> </body></html> </div> <a href="https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview" role="button" class="Link--primary d-none d-md-inline-block mt-4 text-bold js-show-trigger" aria-expanded="false" aria-controls="changelog-single-content-81697"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> <a href="https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview" class="Link--primary d-inline-block d-md-none mt-4 text-bold js-show-trigger-alt"> See more <svg class="octicon octicon-chevron-down" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" width="16" height="16"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z" fill="currentColor"></path></svg> </a> </div> </div> </article> </div> <div class="container-xl mx-auto p-responsive-blog mt-6 mt-md-8"> <div class="d-flex gutter-spacious"> <div class="col-12 col-md-7 offset-md-5"> <a class="Button Button--size-medium Button--primary Button--Arrow-down js-ajax-fetch changelog-single-content-wrap" href="https://github.blog/changelog/label/security-and-compliance/page/2/" > <span class="Button__text"> <span class="Text Text--200 Text--antialiased Text--weight-semibold Button--label Button--label-medium Button--label-primary"> View more changes </span> </span> <span class="Button__trailing-visual"> <svg class="ExpandableArrow Button-arrow" width="16" height="16" viewBox="0 0 16 16" fill="none" aria-hidden="true" focusable="false"> <path fill="currentColor" d="M7.28033 3.21967C6.98744 2.92678 6.51256 2.92678 6.21967 3.21967C5.92678 3.51256 5.92678 3.98744 6.21967 4.28033L7.28033 3.21967ZM11 8L11.5303 8.53033C11.8232 8.23744 11.8232 7.76256 11.5303 7.46967L11 8ZM6.21967 11.7197C5.92678 12.0126 5.92678 12.4874 6.21967 12.7803C6.51256 13.0732 6.98744 13.0732 7.28033 12.7803L6.21967 11.7197ZM6.21967 4.28033L10.4697 8.53033L11.5303 7.46967L7.28033 3.21967L6.21967 4.28033ZM10.4697 7.46967L6.21967 11.7197L7.28033 12.7803L11.5303 8.53033L10.4697 7.46967Z"></path> <path class="ExpandableArrow-stem" stroke="currentColor" d="M1.75 8H11" stroke-width="1.5" stroke-linecap="round"></path> </svg> </span> </a> </div> </div> </div> </div> </main> <div data-color-mode="dark" data-light-theme="light" data-dark-theme="dark"> <footer class="footer pt-6"> <div class="container-xl p-responsive-blog"> <div class="d-flex flex-wrap py-5 mb-5"> <div class="col-12 col-lg-4 mb-5"> <a href="https://github.com/" data-ga-click="Resources, go to home, resources footer" class="color-fg-default" aria-label="Go to GitHub homepage"> <svg height="30" class="octicon octicon-logo-github" viewBox="0 0 45 16" version="1.1" width="84" aria-hidden="true"> <path fill-rule="evenodd" d="M18.53 12.03h-.02c.009 0 .015.01.024.011h.006l-.01-.01zm.004.011c-.093.001-.327.05-.574.05-.78 0-1.05-.36-1.05-.83V8.13h1.59c.09 0 .16-.08.16-.19v-1.7c0-.09-.08-.17-.16-.17h-1.59V3.96c0-.08-.05-.13-.14-.13h-2.16c-.09 0-.14.05-.14.13v2.17s-1.09.27-1.16.28c-.08.02-.13.09-.13.17v1.36c0 .11.08.19.17.19h1.11v3.28c0 2.44 1.7 2.69 2.86 2.69.53 0 1.17-.17 1.27-.22.06-.02.09-.09.09-.16v-1.5a.177.177 0 00-.146-.18zM42.23 9.84c0-1.81-.73-2.05-1.5-1.97-.6.04-1.08.34-1.08.34v3.52s.49.34 1.22.36c1.03.03 1.36-.34 1.36-2.25zm2.43-.16c0 3.43-1.11 4.41-3.05 4.41-1.64 0-2.52-.83-2.52-.83s-.04.46-.09.52c-.03.06-.08.08-.14.08h-1.48c-.1 0-.19-.08-.19-.17l.02-11.11c0-.09.08-.17.17-.17h2.13c.09 0 .17.08.17.17v3.77s.82-.53 2.02-.53l-.01-.02c1.2 0 2.97.45 2.97 3.88zm-8.72-3.61h-2.1c-.11 0-.17.08-.17.19v5.44s-.55.39-1.3.39-.97-.34-.97-1.09V6.25c0-.09-.08-.17-.17-.17h-2.14c-.09 0-.17.08-.17.17v5.11c0 2.2 1.23 2.75 2.92 2.75 1.39 0 2.52-.77 2.52-.77s.05.39.08.45c.02.05.09.09.16.09h1.34c.11 0 .17-.08.17-.17l.02-7.47c0-.09-.08-.17-.19-.17zm-23.7-.01h-2.13c-.09 0-.17.09-.17.2v7.34c0 .2.13.27.3.27h1.92c.2 0 .25-.09.25-.27V6.23c0-.09-.08-.17-.17-.17zm-1.05-3.38c-.77 0-1.38.61-1.38 1.38 0 .77.61 1.38 1.38 1.38.75 0 1.36-.61 1.36-1.38 0-.77-.61-1.38-1.36-1.38zm16.49-.25h-2.11c-.09 0-.17.08-.17.17v4.09h-3.31V2.6c0-.09-.08-.17-.17-.17h-2.13c-.09 0-.17.08-.17.17v11.11c0 .09.09.17.17.17h2.13c.09 0 .17-.08.17-.17V8.96h3.31l-.02 4.75c0 .09.08.17.17.17h2.13c.09 0 .17-.08.17-.17V2.6c0-.09-.08-.17-.17-.17zM8.81 7.35v5.74c0 .04-.01.11-.06.13 0 0-1.25.89-3.31.89-2.49 0-5.44-.78-5.44-5.92S2.58 1.99 5.1 2c2.18 0 3.06.49 3.2.58.04.05.06.09.06.14L7.94 4.5c0 .09-.09.2-.2.17-.36-.11-.9-.33-2.17-.33-1.47 0-3.05.42-3.05 3.73s1.5 3.7 2.58 3.7c.92 0 1.25-.11 1.25-.11v-2.3H4.88c-.11 0-.19-.08-.19-.17V7.35c0-.09.08-.17.19-.17h3.74c.11 0 .19.08.19.17z"></path> </svg> </a> </div> <div class="col-6 col-sm-3 col-lg-2 mb-6 mb-md-2 pr-3 pr-lg-0 pl-lg-4"><h2 class="h5 mb-3 text-mono color-text-tertiary text-normal">Product</h2><ul class="list-style-none text-gray f5"><li class="lh-condensed mb-3"><a href="https://github.com/features" data-ga-click="Site Foundation Components, go to Features, site foundation components footer" class="Link--secondary">Features</a></li><li class="lh-condensed mb-3"><a href="https://github.com/security" data-ga-click="Site Foundation Components, go to Security, site foundation components footer" class="Link--secondary">Security</a></li><li class="lh-condensed mb-3"><a href="https://github.com/enterprise" data-ga-click="Site Foundation Components, go to Enterprise, site foundation components footer" class="Link--secondary">Enterprise</a></li><li class="lh-condensed mb-3"><a href="https://github.com/customer-stories?type=enterprise" data-ga-click="Site Foundation Components, go to Customer Stories, site foundation components footer" class="Link--secondary">Customer Stories</a></li><li class="lh-condensed mb-3"><a href="https://github.com/pricing" data-ga-click="Site Foundation Components, go to Pricing, site foundation components footer" class="Link--secondary">Pricing</a></li><li class="lh-condensed mb-3"><a href="https://resources.github.com/" data-ga-click="Site Foundation Components, go to Resources, site foundation components footer" class="Link--secondary">Resources</a></li></ul></div><div class="col-6 col-sm-3 col-lg-2 mb-6 mb-md-2 pr-3 pr-lg-0 pl-lg-4"><h2 class="h5 mb-3 text-mono color-text-tertiary text-normal">Platform</h2><ul class="list-style-none text-gray f5"><li class="lh-condensed mb-3"><a href="https://developer.github.com/" data-ga-click="Site Foundation Components, go to Developer API, site foundation components footer" class="Link--secondary">Developer API</a></li><li class="lh-condensed mb-3"><a href="https://partner.github.com/" data-ga-click="Site Foundation Components, go to Partners, site foundation components footer" class="Link--secondary">Partners</a></li><li class="lh-condensed mb-3"><a href="https://atom.io/" data-ga-click="Site Foundation Components, go to Atom, site foundation components footer" class="Link--secondary">Atom</a></li><li class="lh-condensed mb-3"><a href="https://www.electronjs.org/" data-ga-click="Site Foundation Components, go to Electron, site foundation components footer" class="Link--secondary">Electron</a></li><li class="lh-condensed mb-3"><a href="https://desktop.github.com/" data-ga-click="Site Foundation Components, go to GitHub Desktop, site foundation components footer" class="Link--secondary">GitHub Desktop</a></li></ul></div><div class="col-6 col-sm-3 col-lg-2 mb-6 mb-md-2 pr-3 pr-lg-0 pl-lg-4"><h2 class="h5 mb-3 text-mono color-text-tertiary text-normal">Support</h2><ul class="list-style-none text-gray f5"><li class="lh-condensed mb-3"><a href="https://docs.github.com/" data-ga-click="Site Foundation Components, go to Docs, site foundation components footer" class="Link--secondary">Docs</a></li><li class="lh-condensed mb-3"><a href="https://github.community/" data-ga-click="Site Foundation Components, go to Community Forum, site foundation components footer" class="Link--secondary">Community Forum</a></li><li class="lh-condensed mb-3"><a href="https://services.github.com/" data-ga-click="Site Foundation Components, go to Training, site foundation components footer" class="Link--secondary">Training</a></li><li class="lh-condensed mb-3"><a href="https://www.githubstatus.com/" data-ga-click="Site Foundation Components, go to Status, site foundation components footer" class="Link--secondary">Status</a></li><li class="lh-condensed mb-3"><a href="https://support.github.com/" data-ga-click="Site Foundation Components, go to Contact, site foundation components footer" class="Link--secondary">Contact</a></li></ul></div><div class="col-6 col-sm-3 col-lg-2 mb-6 mb-md-2 pr-3 pr-lg-0 pl-lg-4"><h2 class="h5 mb-3 text-mono color-text-tertiary text-normal">Company</h2><ul class="list-style-none text-gray f5"><li class="lh-condensed mb-3"><a href="https://github.com/about" data-ga-click="Site Foundation Components, go to About, site foundation components footer" class="Link--secondary">About</a></li><li class="lh-condensed mb-3"><a href="https://github.blog/" data-ga-click="Site Foundation Components, go to Blog, site foundation components footer" class="Link--secondary">Blog</a></li><li class="lh-condensed mb-3"><a href="https://github.com/about/careers" data-ga-click="Site Foundation Components, go to Careers, site foundation components footer" class="Link--secondary">Careers</a></li><li class="lh-condensed mb-3"><a href="https://github.com/about/press" data-ga-click="Site Foundation Components, go to Press, site foundation components footer" class="Link--secondary">Press</a></li><li class="lh-condensed mb-3"><a href="https://shop.github.com/" data-ga-click="Site Foundation Components, go to Shop, site foundation components footer" class="Link--secondary">Shop</a></li></ul></div> </div> </div> <div class="color-bg-subtle"> <div class="container-xl p-responsive-blog f6 py-4 d-sm-flex flex-justify-between flex-row-reverse flex-items-center"> <ul class="list-style-none d-flex flex-items-center mb-3 mb-sm-0 lh-condensed-ultra"> <li class="mr-3 flex-self-start"> <a href="https://www.linkedin.com/company/github" data-ga-click="Blog, go to Linkedin, resources footer" style="color: #959da5;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19 18" class="d-block" height="18"> <title>LinkedIn icon</title> <path d="M3.94 2A2 2 0 1 1 2 0a2 2 0 0 1 1.94 2zM4 5.48H0V18h4zm6.32 0H6.34V18h3.94v-6.57c0-3.66 4.77-4 4.77 0V18H19v-7.93c0-6.17-7.06-5.94-8.72-2.91z" fill="currentColor"></path> </svg> <span class="sr-only">GitHub on LinkedIn</span> </a> </li> <li class="mr-3"> <a href="https://www.instagram.com/github/" data-ga-click="Blog, go to Instagram, resources footer" style="color: #959da5;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 169.063 169.063" class="d-block" height="18"> <title>Instagram icon</title> <g> <path d="M122.406,0H46.654C20.929,0,0,20.93,0,46.655v75.752c0,25.726,20.929,46.655,46.654,46.655h75.752 c25.727,0,46.656-20.93,46.656-46.655V46.655C169.063,20.93,148.133,0,122.406,0z M154.063,122.407 c0,17.455-14.201,31.655-31.656,31.655H46.654C29.2,154.063,15,139.862,15,122.407V46.655C15,29.201,29.2,15,46.654,15h75.752 c17.455,0,31.656,14.201,31.656,31.655V122.407z" fill="currentColor"/> <path d="M84.531,40.97c-24.021,0-43.563,19.542-43.563,43.563c0,24.02,19.542,43.561,43.563,43.561s43.563-19.541,43.563-43.561 C128.094,60.512,108.552,40.97,84.531,40.97z M84.531,113.093c-15.749,0-28.563-12.812-28.563-28.561 c0-15.75,12.813-28.563,28.563-28.563s28.563,12.813,28.563,28.563C113.094,100.281,100.28,113.093,84.531,113.093z" fill="currentColor"/> <path d="M129.921,28.251c-2.89,0-5.729,1.17-7.77,3.22c-2.051,2.04-3.23,4.88-3.23,7.78c0,2.891,1.18,5.73,3.23,7.78 c2.04,2.04,4.88,3.22,7.77,3.22c2.9,0,5.73-1.18,7.78-3.22c2.05-2.05,3.22-4.89,3.22-7.78c0-2.9-1.17-5.74-3.22-7.78 C135.661,29.421,132.821,28.251,129.921,28.251z" fill="currentColor"/> </g> </svg> <span class="sr-only">GitHub on Instagram</span> </a> </li> <li class="mr-3"> <a href="https://www.youtube.com/github" data-ga-click="Blog, go to YouTube, resources footer" style="color: #959da5;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.17 13.6" class="d-block" height="16"> <title>YouTube icon</title> <path d="M18.77 2.13A2.4 2.4 0 0 0 17.09.42C15.59 0 9.58 0 9.58 0a57.55 57.55 0 0 0-7.5.4A2.49 2.49 0 0 0 .39 2.13 26.27 26.27 0 0 0 0 6.8a26.15 26.15 0 0 0 .39 4.67 2.43 2.43 0 0 0 1.69 1.71c1.52.42 7.5.42 7.5.42a57.69 57.69 0 0 0 7.51-.4 2.4 2.4 0 0 0 1.68-1.71 25.63 25.63 0 0 0 .4-4.67 24 24 0 0 0-.4-4.69zM7.67 9.71V3.89l5 2.91z" fill="currentColor"></path> </svg> <span class="sr-only">GitHub on YouTube</span> </a> </li> <li class="mr-3"> <a href="https://twitter.com/github" data-ga-click="Blog, go to X, resources footer" style="color: #959da5;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 1227" class="d-block" height="18"> <title>X icon</title> <path xmlns="http://www.w3.org/2000/svg" d="M714.163 519.284 1160.89 0h-105.86L667.137 450.887 357.328 0H0l468.492 681.821L0 1226.37h105.866l409.625-476.152 327.181 476.152H1200L714.137 519.284h.026ZM569.165 687.828l-47.468-67.894-377.686-540.24h162.604l304.797 435.991 47.468 67.894 396.2 566.721H892.476L569.165 687.854v-.026Z" fill="currentColor"></path> </svg> <span class="sr-only">GitHub on X</span> </a> </li> <li class="mr-3 flex-self-start"> <a href="https://www.tiktok.com/@github" data-ga-click="Blog, go to TikTok, resources footer" style="color: #959da5;"> <svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="d-block" height="18"> <title>TikTok icon</title> <path d="M12.525.02c1.31-.02 2.61-.01 3.91-.02.08 1.53.63 3.09 1.75 4.17 1.12 1.11 2.7 1.62 4.24 1.79v4.03c-1.44-.05-2.89-.35-4.2-.97-.57-.26-1.1-.59-1.62-.93-.01 2.92.01 5.84-.02 8.75-.08 1.4-.54 2.79-1.35 3.94-1.31 1.92-3.58 3.17-5.91 3.21-1.43.08-2.86-.31-4.08-1.03-2.02-1.19-3.44-3.37-3.65-5.71-.02-.5-.03-1-.01-1.49.18-1.9 1.12-3.72 2.58-4.96 1.66-1.44 3.98-2.13 6.15-1.72.02 1.48-.04 2.96-.04 4.44-.99-.32-2.15-.23-3.02.37-.63.41-1.11 1.04-1.36 1.75-.21.51-.15 1.07-.14 1.61.24 1.64 1.82 3.02 3.5 2.87 1.12-.01 2.19-.66 2.77-1.61.19-.33.4-.67.41-1.06.1-1.79.06-3.57.07-5.36.01-4.03-.01-8.05.02-12.07z" fill="currentColor"/> </svg> <span class="sr-only">GitHub on TikTok</span> </a> </li> <li class="mr-3 flex-self-start"> <a href="https://www.twitch.tv/github" data-ga-click="Blog, go to Twitch, resources footer" style="color: #959da5;"> <svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="d-block" height="18"> <title>Twitch icon</title> <path d="M11.571 4.714h1.715v5.143H11.57zm4.715 0H18v5.143h-1.714zM6 0L1.714 4.286v15.428h5.143V24l4.286-4.286h3.428L22.286 12V0zm14.571 11.143l-3.428 3.428h-3.429l-3 3v-3H6.857V1.714h13.714Z" fill="currentColor"/> </svg> <span class="sr-only">GitHub on Twitch</span> </a> </li> <li> <a href="https://github.com/github" data-ga-click="Blog, go to github's org, resources footer" style="color: #959da5;"> <svg height="20" class="octicon octicon-mark-github d-block" alt="" viewBox="0 0 16 16" version="1.1" width="20" aria-hidden="true"> <title>GitHub icon</title> <path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path> </svg> <span class="sr-only">GitHub’s organization on GitHub</span> </a> </li> </ul> <ul class="list-style-none d-flex flex-wrap text-gray"> <li class="mr-3">© 2025 GitHub, Inc.</li> <li class="mr-3"> <a href="https://docs.github.com/en/github/site-policy/github-terms-of-service" data-ga-click="Site Foundation Components, go to terms, site foundation components footer" class="Link--secondary">Terms</a> </li> <li class="mr-3"> <a href="https://docs.github.com/en/github/site-policy/github-privacy-statement" data-ga-click="Site Foundation Components, go to privacy, site foundation components footer" class="Link--secondary">Privacy</a> </li> <li class="mr-3"> <button type="button" class="btn-link Link--secondary" onClick="_ghcc.showPreferences()">Manage Cookies</button> </li> <li class="mr-3"> <button type="button" class="btn-link Link--secondary" onClick="_ghcc.showPreferences()">Do not share my personal information</button> </li> </ul> </div> </div> </footer> </div> <div id="ghcc" style="position: sticky; bottom: 0; z-index: 99999;"></div><script src="https://ghcc.githubassets.com/ghcc.min.js" id="github_cookie_consent-js"></script> <script src="https://js.monitor.azure.com/scripts/c/ms.analytics-web-4.js" id="github_microsoft_analytics-js"></script> <script type="text/javascript" src="https://github.blog/_static/??/wp-content/plugins/gh-cookie-consent-and-tracking/dist/js/cookie-consent-and-tracking.js,/wp-includes/js/dist/hooks.min.js?m=1739996894j" ></script><script src="https://github.blog/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script id="wp-i18n-js-after"> wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); </script> <script type="text/javascript" src="https://github.blog/_static/??/wp-includes/js/dist/vendor/wp-polyfill.min.js,/wp-includes/js/dist/url.min.js?m=1739294330j" ></script><script src="https://github.blog/wp-includes/js/dist/api-fetch.min.js?ver=d387b816bc1ed2042e28" id="wp-api-fetch-js"></script> <script id="wp-api-fetch-js-after"> wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://github.blog/wp-json/" ) ); wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "37cbff3a5c" ); wp.apiFetch.use( wp.apiFetch.nonceMiddleware ); wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware ); wp.apiFetch.nonceEndpoint = "https://github.blog/wp-admin/admin-ajax.php?action=rest-nonce"; </script> <script type="text/javascript" src="https://github.blog/wp-content/themes/github-2021/dist/js/site-script.js?m=1739996894g" ></script><script integrity="sha256-kAnFXX7lCXF9K2o4g5q1lKyk167yRq6C4TiXWtbgvQw=" crossorigin="anonymous" src="https://analytics.githubassets.com/v1.1.0/hydro-marketing.min.js?ver=6.7.2" id="hydro-analytics-js"></script> <script src="https://stats.wp.com/e-202508.js" id="jetpack-stats-js" data-wp-strategy="defer"></script> <script id="jetpack-stats-js-after"> _stq = window._stq || []; _stq.push([ "view", JSON.parse("{\"v\":\"ext\",\"blog\":\"153214340\",\"post\":\"0\",\"tz\":\"-8\",\"srv\":\"github.blog\",\"hp\":\"vip\",\"j\":\"1:14.3\"}") ]); _stq.push([ "clickTrackerInit", "153214340", "0" ]); </script> </body> </html>