News
The CodeQL code analysis engine, which powers GitHub's code scanning, was added to the platform's capabilities after GitHub acquired code-analysis platform Semmle in September 2019.
Through artifact attestation and the SLSA framework, GitHub's director of product management, Jennifer Schelkopf, argues that at least some supply chain attacks can be stopped in their tracks.
GitHub, the Microsoft-owned code repository, has announced something that will hopefully make all our software much more secure. The platform has, after several months of testing, now launched ...
During the beta, GitHub says code scanning was used to perform more than 1.4 million scans on more than 12,000 repositories. It's helped identify over 20,000 vulnerabilities.
GitHub is inviting developers to take part in a technology preview of improved code search, which it describes as "way more than grep," the Linux command-line search utility. The project has its own ...