Search

github.blog › changelog

Dependabot alerts are now assignable to AI agents for remediation - GitHub Changelog

…Tackle complex dependency updates with coding agents Dependabot security updates already automatically open pull requests to upgrade vulnerable dependencies to the nearest patched version. For many alerts, that’s all you need…

Apr 7, 2026 · Allison

github.blog › changelog

Code scanning: Batch apply security alert suggestions on pull requests - GitHub Changelog

…Batching changes into a single commit means you’ll run one scan instead of a separate one for each alert, reducing remediation and review time and keeping pull requests moving. This update…

Apr 7, 2026 · Allison

github.blog › changelog

Link code scanning alerts to GitHub Issues - GitHub Changelog

Back to changelog You can now link code scanning alerts to GitHub Issues, bringing security remediation into your existing planning and tracking workflows. This functionality is in public preview. With this update…

Apr 14, 2026 · Allison

github.blog › changelog

GitHub Code Quality: Batch apply quality suggestions on pull requests - GitHub Changelog

…Keep pull requests moving by reducing remediation and review time. This update is now generally available on github.com. To learn more, check out our GitHub Code Quality documentation . Join the discussion…

Mar 17, 2026 · Allison

github.blog › changelog

Code Security risk assessment available for organizations - GitHub Changelog

…It includes remediation guidance, highlighting where Copilot Autofix can automatically suggest fixes. The report enables you to identify high-impact repositories to prioritize, and helps understand how to remediate security issues faster…

Apr 8, 2026 · Allison

github.blog › news-insights › company-news

GitHub Universe is back: We want you to take the stage

…During their session, they pulled back the curtain on how GitHub applies AI to streamline remediation and make alerts easier to interpret—then pushed the story forward into what comes next: AI…

Apr 8, 2026 · Rachel Cohen

github.blog › security

Securing the git push pipeline: Responding to a critical remote code execution vulnerability

Alexis Wales · @alexiswales April 28, 2026 | Updated April 29, 2026 | 5 minutes 5 minutes Share: On March 4, 2026, we received a vulnerability report through our Bug Bounty program from researchers at…

Apr 28, 2026 · Alexis Wales

github.blog › changelog

CodeQL now supports sanitizers and validators in models-as-data - GitHub Changelog

Back to changelog CodeQL is the static analysis engine behind GitHub code scanning , which finds and remediates security issues in your code. You can now define custom sanitizers and validators using data…

Apr 21, 2026 · Allison

github.blog › changelog

CodeQL 2.25.3 adds Swift 6.3 support - GitHub Changelog

Back to changelog CodeQL is the static analysis engine behind GitHub code scanning , which finds and remediates security issues in your code. We’ve recently released CodeQL 2.25.3 , which adds…

May 8, 2026 · Allison

github.blog › changelog

CodeQL 2.25.2 adds Kotlin 2.3.20 support and other updates - GitHub Changelog

…code scanning , which finds and remediates security issues in your code. We’ve recently released CodeQL 2.25.2 , which brings a new Kotlin version update, various accuracy improvements, and a set…

Apr 15, 2026 · Allison