GitHub is announcing updates to its security offerings to help development teams tackle their security risk.
Now generally available, security campaigns are a new way to bring security teams and development teams together.
Security teams can prioritize the risks that need to be addressed across repositories and add them to a security campaign, which is then shared with developers who are impacted. The development team can then plan and manage the work alongside their other work in GitHub.
GitHub provides predefined templates for common security issues that can be used as the basis for the campaign.
Copilot Autofix can also make suggestions for remediation for the alerts in a campaign or generate more information on the issue to help developers better understand the concern.
Security teams also get access to statistics for their campaigns so they can track the progress of resolution across all of their campaigns.
“Our data shows that security debt is the biggest unaddressed risk that customers face: historically, only 10% of lingering security debt in merged code gets addressed, meaning until today, 90% of risks did not get prioritized. Now, our data shows that 55% of security debt included in security campaigns was fixed,” James Fletcher, senior product manager at GitHub, wrote in a blog post.
Security campaigns are available for all GitHub Advanced Security and GitHub Code Security customers starting today.
