Security catch-up [Code Security check-in] #42221
otter-computer asked this question in Code Security
Hey everyone, it's the first code security check-in, and the last of the year! In this edition, I've got a round-up of all the recent security ships, from Universe to now. Let's get into it!
ICYMI: What launched at Universe 🚀
Missed out on Universe 2022? Here's a handy explainer of all things security that launched. You can also check out the Universe Security track playlist on YouTube to catch up on the security sessions you may have missed.
Private vulnerability reporting
Maintainers of open source repositories can now receive private vulnerability reports from the community and collaborate on a solution. This makes it easy for security researchers to find, collaborate with repository maintainers, and fix vulnerabilities in public repositories without the fear of accidentally leaking them before a fix is in place.
Security overview for Enterprise
Work in a large enterprise and need to manage the security for hundreds of repositories at a time? The new security coverage view provides glanceable insights and powerful filtering to give you enterprise-wide visibility of your security status.
Post-Universe feature ships 🛠
Universe may be over but we're still launching! Here's a run-down on everything we've shipped since then.
Secret scanning is now available for free on public repositories
Exposing secrets is a security team's worst nightmare. To give all open source maintainers peace of mind, we've made secret scanning available on all public repositories for free! We're rolling this out steadily, and plan to have the feature available to 100% of users by the end of January. Check out the blog post and protect your open source project now.
Secret scanning now push protects custom patterns
GitHub Advanced Security customers can now push protect custom patterns, meaning no more accidental leaks of your organization's custom secrets. Check out the blog post to learn more.
Advisory database supports GitHub Actions in Enterprise
Back in August we shipped support for GitHub Actions in the Advisory Database, bringing Dependabot alerts to the Actions ecosystem. This has now also shipped in the latest version of GitHub Enterprise.
GitHub takes a break over the holidays 💤
The festive season is fast approaching and many teams here at GitHub will be taking time away to spend the holidays with family and friends. The Product and Engineering teams will be taking time off, and the Support and Community teams will be working with reduced capacity. This means that responses to support tickets, feature requests, bugs, and issues may take longer than usual.
Rest assured; the community team will still be here to keep an eye on the discussion boards.
Happy holidays if you celebrate, everyone, and I’ll see you again with another check-in in the new year!