Code security insights on the organization-level Security tab (Beta)

A new asset in security management is now available for GitHub enterprise users. Reinforcing the “shift left” philosophy, this feature is designed to integrate security into the heart of the development lifecycle, empowering your organization to proactively identify and address vulnerabilities.

Key advantages

Historical context

By comparing historical and current data, you can visibly track improvements in your security landscape and demonstrate the value of security investments.

Customized focus

Sharpen your focus with filters that dissect your security data by teams, repositories, or any categorization that aligns with your goals. Whether it’s tracking team performance or monitoring metrics across a core group of repositories with the repository topic filter, there’s a plethora of options available to meet your needs.

Prioritization made simple

With clear insights into severity and net resolve rate—security’s version of developer velocity—the dashboard shows you if your resources are aligned with the most severe threats and if remediation speed is in harmony with security demands.

Strategic alignment

Gain a strategic perspective with the Repositories “Top 10” list, which shows the repositories with the largest number of open alerts, so you know where to direct your attention first.

Shift left

The dashboard, which is accessible to everyone in the organization, helps you drive security best practices by surfacing potential issues as early as possible, reducing risk and workload down the line.

This overview dashboard is now available as a beta on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.13.

Learn more about the new overview dashboard and send us your feedback

Copilot Chat in JetBrains IDEs is now available in Private Beta

We are happy to announce that a private beta of GitHub Copilot Chat is now available for users of JetBrains IDEs, including IntelliJ, PyCharm, WebStorm, Android Studio, and more. GitHub Copilot Chat is a powerful AI assistant capable of helping every developer build at the speed of their minds in the natural language of their choice.

This private beta is available to Copilot Business customers and Copilot Individual users.

To get access to the private beta, sign up for this waitlist.

GitHub Enterprise Cloud (GHEC) administrators interested in participating in the private beta should reach out to their GitHub account manager or contact our sales team to make the feature available for their enterprise.

We’d love your feedback on this new release. Please use this link to share your feedback or ideas on how to improve the product.

A new Copilot welcome guide is available for JetBrains IDEs

We recently introduced a new welcome guide in our Copilot extension for JetBrains IDEs. It walks you through the various features of GitHub Copilot and how to make the most of them!

The welcome guide will activate when you install the GitHub Copilot plugin.

Secret scanning will now detect the following non-provider patterns:

  • HTTP basic authentication header
  • HTTP bearer authentication header
  • MongoDB connection string
  • MySQL connection string
  • Postgres connection string
  • OpenSSH private key
  • PGP private key
  • RSA private key

Detection of these patterns must be enabled within a repository or organization’s security settings by checking the box next to “Scan for non-provider patterns.” Resulting secrets will appear in a new, separate tab on the secret scanning alert list called “Other.”

Detection of non-provider patterns is currently in beta and is available for enterprises with a GitHub Advanced Security license only. Additional patterns will be added throughout the beta.
