GitHub Advanced Security enterprise customers can now publish internal security advisories. Innersource advisories work similarly to GitHub’s open source advisories, but their visibility is restricted to repositories owned by the…
The post Innersource security advisories are generally available appeared first on The GitHub Blog.
GitHub Advanced Security enterprise customers can now publish internal security advisories. Innersource advisories work similarly to GitHub’s open source advisories, but their visibility is restricted to repositories owned by the enterprise.
There is a new REST API endpoint to manage innersource vulnerabilities, including operations to create, update, or withdraw vulnerabilities. Once you use the API to create an advisory about a component, GitHub uses Dependabot to notify repositories inside the enterprise that use the component. Notifications can include security alerts and version updates. When a version upgrade is needed, Dependabot will open a pull request to upgrade a vulnerable version of the component to one with a fix. For more information, see Creating and using innersource advisories.
| # | Наименование новости | Тональность | Информативность | Дата публикации |
|---|---|---|---|---|
| 1 | Organization-level targeting for GitHub Code Quality | 5 | 7 | 09-07-2026 |
| 2 | New pull requests dashboard is now generally available | 5 | 7 | 09-07-2026 |
| 3 | Clearer names for secret scanning detector types | 0 | 3 | 10-07-2026 |
| 4 | Ask Copilot for a repository overview | 0 | 5 | 09-07-2026 |
| 5 | Enterprise-managed OpenTelemetry export for VS Code and CLI | 0 | 5 | 08-07-2026 |
| 6 | New GitHub Zero-Day Exposed Developer Tokens to Attackers | -5 | 7 | 04-06-2026 |
| 7 | GitHub Mobile: Improved filters and sorting for Copilot sessions | 0 | 5 | 10-07-2026 |
| 8 | CodeQL 2.26.0 adds Kotlin 2.4.0 support and AI prompt injection detection | 5 | 7 | 10-07-2026 |
| 9 | Malicious GitHub Repositories Could Trick AI Coding Agents Into Running Hidden Malware, Researchers Warn | 0 | 7 | 28-06-2026 |
| 10 | Rocky Linux Container-Tools Significant Security Advisory RLSA-2026-33722 | 0 | 5 | 01-07-2026 |