Back to updates

Code Scanning - 1

2026 (4)

April (4)

github: OIDC support for Dependabot and code scanning

GitHub

2026-04-14

Dependabot and code scanning now support OpenID Connect (OIDC) authentication for private registries configured at the organization level. This removes the need to store long-lived credentials as repository secrets.

github: Link code scanning alerts to GitHub Issues

GitHub

2026-04-14

GitHub added the ability to link code scanning alerts to GitHub Issues. The feature is in public preview and is meant to connect security remediation work with existing planning and tracking workflows.

github: Dependabot and code scanning: Org-level private registries

GitHub

2026-04-14

GitHub now lets organizations configure multiple private registries at the org level for Dependabot and code scanning, which is useful for setups that use more than one internal package feed. Previously, org-level settings supported only one private registry per ecosystem.

github: Code scanning: Batch apply security alert suggestions on pull requests

GitHub

2026-04-07

GitHub code scanning alerts on pull requests can now be fixed in bulk from the Files changed tab. The update lets users apply multiple security alert suggestions at once instead of handling them individually.