DEVSECOPS
GitHub Actions 2026 Security Roadmap Targets Supply Chain Attacks
GitHub unveils major security overhaul for Actions with dependency locking, egress firewalls, and policy controls to combat rising CI/CD supply chain attacks.
GitHub CodeQL Gets Major Speed Boost for Pull Request Security Scans
GitHub's CodeQL incremental analysis now runs up to 20% faster on pull requests across five major programming languages, with larger repos seeing biggest gains.
GitHub Expands Push Protection Controls to Repository Level
GitHub now allows developers to manage secret scanning push protection exemptions directly from repository settings, bypassing organization-level configurations.
GitHub Adds 28 Secret Detectors Including Snowflake and Vercel API Keys
GitHub's March 2026 secret scanning update adds 28 new detectors from 15 providers, enables push protection for 39 patterns, and adds validity checks for DeepSeek and npm tokens.
GitHub Reveals Security Architecture Behind AI Agent Workflows
GitHub details how its Agentic Workflows isolate AI agents in CI/CD pipelines with zero-secret containers, staged writes, and comprehensive logging.
GitHub Launches SLSA Build Level 3 Security with Full Code-to-Cloud Traceability
GitHub releases new APIs and artifact tracking tools enabling enterprises to trace software from source code through production deployment with cryptographic verification.
GitHub and JFrog Collaborate to Streamline DevSecOps Processes
GitHub and JFrog's new partnership aims to enhance DevSecOps by unifying code and binaries management.