GitHub’s code scanning autofix enters public beta

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers.

The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers.

"Our vision for application security is an environment where found means fixed," said GitHub in a blog post. "By prioritising the developer experience in...

20 March 2024 | Developer

GitHub enables secret scanning push protection by default

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches.

Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming figures underscore the pressing need for robust safeguards to protect users and their data.

Since August...

1 March 2024 | Developer

GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

29 February 2024 | Developer

GitHub invites open-source AI developers to apply for Accelerator

GitHub has announced applications are now open for the next cohort of its Accelerator program, which provides funding, mentoring, and other benefits for early-stage open-source projects. There is a particular focus this year on developers building AI solutions.

Applications will be accepted on a rolling basis until 5 March 2024. Ten projects will be selected to participate in the 10-week program beginning 22 April 2024.

The 2024 GitHub Accelerator cohort focuses on the...

14 February 2024 | Artificial Intelligence

GitHub rotates credentials following vulnerability discovery

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday.  

The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it had been exploited in attacks, GitHub moved swiftly to rotate potentially exposed keys the same day as a...

17 January 2024 | Developer

GitHub launches Innovation Graph for interactive development insights

GitHub has unveiled its Innovation Graph, an open data and insights platform for measuring and understanding the global impact of developers.

The ambitious initiative aims to address a longstanding challenge faced by policymakers and researchers: the lack of reliable and comprehensive data on trends in software development.

Understanding the Innovation Graph

The Innovation Graph is a repository of longitudinal metrics that track software development across economies...

22 September 2023 | Developer

GitHub opens Copilot Chat to all developers

GitHub has announced that Copilot Chat is now available to all developers, ushering in a new era of AI-powered software development.

Copilot Chat was launched for ‘Business’ users in July. The AI assistant is capable of assisting developers in their preferred natural language and promises to reduce repetitive tasks.

Developers can use the assistant to explore new languages or frameworks, troubleshoot bugs, and/or seek answers to coding questions, all while remaining...

21 September 2023 | Artificial Intelligence

Mathew Payne, GitHub: Protecting code while nurturing user experience

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience.

At the heart of GitHub's security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on securing the code created by both users and developers.

“The first thing that we focus on at GitHub is the security...

18 August 2023 | Development Tools

GitHub introduces passwordless authentication

GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience.

Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.

Passkeys require something the user is or...

14 July 2023 | Development Tools

GitHub research highlights the impact of AI on developers

To gain deeper insights into how new AI tools and existing workflows impact the overall developer experience, GitHub partnered with Wakefield Research to survey 500 developers from enterprise companies across the US.

GitHub’s goal was to identify the barriers developers face. For example, the survey found that developers spend most of their time waiting for code reviews, builds, and tests, which negatively impacts their productivity and overall developer...

13 June 2023 | Artificial Intelligence