SIMON Master Console Rebuild
True command center for SIMON + WEB360
This rebuild gives you a cleaner production spine: interactive tree, live viewer, guarded editor, dynamic graphics, architecture map, and note storage. It is designed to sit beside your existing
console.php
and become the stronger replacement path.
Dashboard
Tree
Viewer
System Map
File Registry
Notes
Files
15,334
Folders
408
Scanned Size
3.84 GB
PHP Files
886
Editable Text Files
12,595
File viewer
guarded to /htdocs
/connlink/test1/cache/github_changelog_e1b245698998.json
{ "ok": true, "items": [ { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "June 2026 is about visibility and trust with a clearer view of your GitHub Copilot usage, a new trust layer for MCP servers, and the first C++ scenarios for the modernization agent reaching general availability. Highlights Here’s what’s new with GitHub Copilot in Visual Studio 2026. Check the Insiders channel for the latest: Copilot usage tracking and alerts: The refreshed Copilot Usage window reflects GitHub Copilot’s usage-based billing model with real-time updates. In addition, proactive alerts let you know when you’re approaching your limit, when you’ve hit it, and when overages activate. Open it from Copilot badge menu > Copilot Usage and tune the warning threshold in settings to decide how early you get the notification. Trust validation for MCP servers: Visual Studio now compares an MCP server’s configuration and asset fingerprint against a trusted baseline at startup. If anythin…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>June 2026 is about visibility and trust with a clearer view of your GitHub Copilot usage, a new trust layer for MCP servers, and the first C++ scenarios for the modernization agent reaching general availability.</p>\n<h3 id=\"highlights\" id=\"highlights\" ><a class=\"heading-link\" href=\"#highlights\">Highlights<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>Here’s what’s new with GitHub Copilot in Visual Studio 2026. Check the Insiders channel for the latest:</p>\n<ul>\n<li><strong>Copilot usage tracking and alerts</strong>: The refreshed <strong>Copilot Usage</strong> window reflects GitHub Copilot’s usage-based billing model with real-time updates. In addition, proactive alerts let you know when you’re approaching your limit, when you’ve hit it, and when overages activate. Open it from <strong>Copilot badge menu > Copilot Usage</strong> and tune the warning threshold in settings to decide how early you get the notification.</li>\n<li><strong>Trust validation for MCP servers</strong>: Visual Studio now compares an MCP server’s configuration and asset fingerprint against a trusted baseline at startup. If anything has changed, a trust dialog asks you to review and approve the change before the server runs. This feature is on by default and lives under <strong>Tools > Options > GitHub > Copilot > Copilot Chat > Show trust dialog before running tools from an updated MCP server</strong>.</li>\n<li><strong>GitHub Copilot modernization agent for C++ is generally available</strong>: The MSVC upgrade scenarios for the <a href=\"https://aka.ms/AppModCppDocs\">modernization agent</a> have graduated from preview. Run it in <strong>Automated</strong> mode for end-to-end upgrades or in <strong>Guided</strong> mode to review the assessment, plan, and execution before each step. Right-click a project in <strong>Solution Explorer</strong> and select <strong>Modernize</strong> or use <code>@Modernize</code> in <strong>Copilot Chat</strong>.</li>\n<li><strong>Long-distance next edit suggestions</strong>: Copilot’s next edit suggestions can now predict and propose follow-up edits anywhere in the active file, not just near your cursor. Turn it on under <strong>Tools > Options > Text Editor > Inline Suggestions</strong> by selecting <strong>Enable extended range suggestions</strong>.</li>\n<li><strong>Add pull requests to Copilot Chat</strong>: Right-click a pull request in the <strong>Git Repository</strong> window and select <strong>Add to Copilot Chat</strong>. Copilot will then pick up the pull request description, changed files, and comments as context. You can also reference a pull request inline by typing <code>#</code> followed by the pull request ID. This functionality requires <strong>View pull requests for a Git repository</strong> under <strong>Preview Features</strong>.</li>\n<li><strong>Review and approve pull requests in the IDE</strong>: The new in-IDE pull request review experience pairs naturally with <strong>Add to Copilot Chat</strong>. Browse, comment, approve, and complete pull requests from GitHub or Azure DevOps without leaving Visual Studio, then pull any pull request into Copilot Chat when you want help triaging or summarizing.</li>\n</ul>\n<p>This update is available to users on all <a href=\"https://docs.github.com/copilot/get-started/plans\">GitHub Copilot plans</a>, including Copilot Free, Student, Pro, Pro+, Max, Business, and Enterprise.</p>\n<p><a href=\"https://visualstudio.microsoft.com/downloads\">Download Visual Studio 2026</a> to experience all the new Copilot features today. To learn more about what’s new, check out the <a href=\"https://devblogs.microsoft.com/visualstudio/visual-studio-june-update-track-your-usage-trust-your-tools\">Visual Studio blog</a> and <a href=\"https://learn.microsoft.com/visualstudio/releases/2026/release-notes\">release notes</a>.</p>\n<h3 id=\"whats-next-for-copilot-in-visual-studio\" id=\"whats-next-for-copilot-in-visual-studio\" ><a class=\"heading-link\" href=\"#whats-next-for-copilot-in-visual-studio\">What’s next for Copilot in Visual Studio<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>Stay up to date on the latest Copilot features by following the <a href=\"https://devblogs.microsoft.com/visualstudio\">Visual Studio blog</a>, where you’ll find roadmap updates and opportunities to share feedback.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-14-github-copilot-in-visual-studio-june-update\">GitHub Copilot in Visual Studio — June update</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "This update brings major advances in customization and model provider flexibility to all tiers of GitHub Copilot for JetBrains IDEs. With richer plugin and provider experiences, improved conversational interactions, and stronger reliability, teams can more confidently tailor Copilot to how they build software. What’s new Bring your own key custom endpoint support We’ve expanded bring your own key support with custom endpoints. You can now configure OpenAI-compatible custom endpoints with API keys to use your own models. Expanded customizations with plugin management GitHub Copilot for JetBrains now includes a more complete plugin management experience in customizations. You can browse and install plugins through the marketplace or from the source repository. This makes it easier to shape Copilot around team-specific workflows without jumping between disconnected setup surfaces. Claude a…", "url": "", "image": "https://github.com/user-attachments/assets/805ce3ef-c570-4301-aa8f-269ec4bac463", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>This update brings major advances in customization and model provider flexibility to all tiers of GitHub Copilot for JetBrains IDEs. With richer plugin and provider experiences, improved conversational interactions, and stronger reliability, teams can more confidently tailor Copilot to how they build software.</p>\n<h2 id=\"whats-new\" id=\"whats-new\" ><a class=\"heading-link\" href=\"#whats-new\">What’s new<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<h3 id=\"bring-your-own-key-custom-endpoint-support\" id=\"bring-your-own-key-custom-endpoint-support\" ><a class=\"heading-link\" href=\"#bring-your-own-key-custom-endpoint-support\">Bring your own key custom endpoint support<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>We’ve expanded bring your own key support with custom endpoints. You can now configure OpenAI-compatible custom endpoints with API keys to use your own models.</p>\n<p><img decoding=\"async\" alt=\"BYOK provider settings showing custom endpoint configuration with API key\" src=\"https://github.com/user-attachments/assets/805ce3ef-c570-4301-aa8f-269ec4bac463\"></p>\n<h3 id=\"expanded-customizations-with-plugin-management\" id=\"expanded-customizations-with-plugin-management\" ><a class=\"heading-link\" href=\"#expanded-customizations-with-plugin-management\">Expanded customizations with plugin management<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>GitHub Copilot for JetBrains now includes a more complete plugin management experience in customizations. You can browse and install plugins through the marketplace or from the source repository.</p>\n<p>This makes it easier to shape Copilot around team-specific workflows without jumping between disconnected setup surfaces.</p>\n<p><img decoding=\"async\" alt=\"Agent customizations view showing plugin management with marketplace and source repository options\" src=\"https://github.com/user-attachments/assets/bbb7187c-92bc-491e-84af-46427590999b\"></p>\n<h3 id=\"claude-agent-provider-customizations-support\" id=\"claude-agent-provider-customizations-support\" ><a class=\"heading-link\" href=\"#claude-agent-provider-customizations-support\">Claude agent provider customizations support<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>Customizations now support Claude agent provider, allowing you to set up custom agents, skills, and instructions. Available for GitHub Copilot Pro and higher plans in public preview.</p>\n<p><img decoding=\"async\" alt=\"Agent customizations view showing Claude agent provider configuration\" src=\"https://github.com/user-attachments/assets/fa106509-a78e-4224-8ffd-d79924b61608\"></p>\n<h3 id=\"local-sandboxing-support\" id=\"local-sandboxing-support\" ><a class=\"heading-link\" href=\"#local-sandboxing-support\">Local sandboxing support<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>This release adds support for local sandboxing, including new sandbox settings and configuration flows in the JetBrains plugin. This feature is in public preview. For more information, see <a href=\"https://docs.github.com/copilot/concepts/about-cloud-and-local-sandboxes\">About cloud and local sandboxes</a>.</p>\n<p><img decoding=\"async\" alt=\"JetBrains sandbox settings for configuring local sandbox behavior\" src=\"https://github.com/user-attachments/assets/a2141c33-0702-4ca7-ba1c-1033fc60115a\"></p>\n<h3 id=\"built-in-debugger-skill-for-copilot-cli\" id=\"built-in-debugger-skill-for-copilot-cli\" ><a class=\"heading-link\" href=\"#built-in-debugger-skill-for-copilot-cli\">Built-in debugger skill for Copilot CLI<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>This release adds a built-in debugger skill for Copilot CLI sessions, enabling agent-driven debugging workflows directly in your development environment. It helps you investigate issues step by step with guided debugging support. This feature is in public preview.</p>\n<h2 id=\"user-experience-enhancements\" id=\"user-experience-enhancements\" ><a class=\"heading-link\" href=\"#user-experience-enhancements\">User experience enhancements<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>This version also improves usability across chat, model selection, customization views, and CLI sessions.</p>\n<ul>\n<li>Improved model picker controls in chat and inline chat</li>\n<li>Improved UI clarity for custom agents, customizations, and provider settings</li>\n<li>Improved authentication UX messaging</li>\n<li>Added message re-edit support in inline and CLI experiences for faster prompt iteration and follow-up requests</li>\n</ul>\n<h2 id=\"quality-improvements\" id=\"quality-improvements\" ><a class=\"heading-link\" href=\"#quality-improvements\">Quality improvements<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>We’ve improved reliability and stability across authentication recovery, account switching, provider and session persistence, and editor interaction paths. These fixes reduce friction in long-running sessions and make Copilot behavior more consistent when switching modes, providers, or work contexts.</p>\n<h2 id=\"changed\" id=\"changed\" ><a class=\"heading-link\" href=\"#changed\">Changed<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>We’ve adjusted Copilot CLI provider policy handling for CLI-as-default scenarios. Disabling Copilot CLI by policy no longer affects Copilot CLI provider in JetBrains IDEs.</p>\n<h2 id=\"try-it-out\" id=\"try-it-out\" ><a class=\"heading-link\" href=\"#try-it-out\">Try it out<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>We encourage you to try out the <a href=\"https://plugins.jetbrains.com/plugin/17718-github-copilot--your-ai-pair-programmer/versions\">latest version of the GitHub Copilot plugin</a> and share your feedback. Your input is invaluable in helping us refine and improve the product.</p>\n<h2 id=\"share-your-feedback\" id=\"share-your-feedback\" ><a class=\"heading-link\" href=\"#share-your-feedback\">Share your feedback<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>Your feedback drives improvements. We’d love to hear about your experience in the following channels:</p>\n<ul>\n<li><strong>In-product feedback:</strong> Use the feedback options within your IDE.</li>\n<li><strong>Feedback repository:</strong> Share your thoughts in the <a href=\"https://github.com/microsoft/copilot-intellij-feedback/issues\">GitHub Copilot for JetBrains IDEs issues</a>.</li>\n</ul>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-14-github-copilot-for-jetbrains-expands-byok-capabilities\">GitHub Copilot for JetBrains expands BYOK capabilities</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "https://github.com/user-attachments/assets/805ce3ef-c570-4301-aa8f-269ec4bac463", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "GitHub code scanning now surfaces AI-powered security detections directly on pull requests, expanding vulnerability coverage to languages and frameworks not currently supported by CodeQL. These detections help teams identify and address potential issues in parts of the codebase that previously had no native scanning coverage, all before code is merged. What’s included Broader language coverage: AI-powered detections extend code scanning to languages and frameworks beyond those supported by CodeQL’s built-in analysis, reducing blind spots across your codebase. Native pull request integration: Findings appear directly in pull requests, so developers can review and address issues as part of their existing workflow before merging code. Alerts generated using AI will be labeled with AI so you can easily distinguish them from CodeQL results. Easy to enable: Once allowed at the enterprise leve…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>GitHub code scanning now surfaces AI-powered security detections directly on pull requests, expanding vulnerability coverage to languages and frameworks not currently supported by CodeQL. These detections help teams identify and address potential issues in parts of the codebase that previously had no native scanning coverage, all before code is merged.</p>\n<h3 id=\"whats-included\" id=\"whats-included\" ><a class=\"heading-link\" href=\"#whats-included\">What’s included<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<ul>\n<li><strong>Broader language coverage</strong>: AI-powered detections extend code scanning to languages and frameworks beyond those supported by <a href=\"https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/\">CodeQL’s built-in analysis</a>, reducing blind spots across your codebase.</li>\n<li><strong>Native pull request integration</strong>: Findings appear directly in pull requests, so developers can review and address issues as part of their existing workflow before merging code. Alerts generated using AI will be labeled with <code>AI</code> so you can easily distinguish them from CodeQL results.</li>\n<li><strong>Easy to enable</strong>: Once allowed at the enterprise level, you can enable AI security detections for any repository or organization that have GitHub code security and CodeQL default setup turned on.</li>\n</ul>\n<h3 id=\"how-it-works\" id=\"how-it-works\" ><a class=\"heading-link\" href=\"#how-it-works\">How it works<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>AI security detections are powered by GitHub’s AI detection engine and automatically run when a pull request is opened or updated. Results appear as the engine returns them. There’s no need to wait for all analysis sources to complete. These findings are informational and won’t block pull request merges.</p>\n<p>To use the feature, AI security detections must be allowed by your Enterprise policy and enabled at the organization level. Additionally, CodeQL default analysis must be enabled on the repository. While CodeQL is not the tool performing the AI analysis, the AI detection engine relies on it to function.</p>\n<h3 id=\"availability\" id=\"availability\" ><a class=\"heading-link\" href=\"#availability\">Availability<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>This feature is now in public preview on github.com for customers with GitHub Code Security (GitHub Advanced Security). It can be enabled for repositories or organizations that use CodeQL default setup, after being allowed by an enterprise owner at the enterprise level.</p>\n<h3 id=\"billing\" id=\"billing\" ><a class=\"heading-link\" href=\"#billing\">Billing<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>During public preview, AI security detections require a GitHub Copilot license and draw down your organization’s AI credits. Usage consumes AI credits only when detections run. Learn more about <a href=\"https://docs.github.com/copilot/concepts/billing/usage-based-billing-for-organizations-and-enterprises\">AI credits billing</a>.</p>\n<p>To learn more, check out <a href=\"https://docs.github.com/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning\">our GitHub Code Scanning documentation</a>. Join the discussion and leave feedback on the <a href=\"https://github.com/orgs/community/discussions/201543\">Code scanning shows AI security detections on PRs announcement in the GitHub Community</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-14-code-scanning-shows-ai-security-detections-on-pull-requests\">Code scanning shows AI security detections on pull requests</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration. New releases are a common entry point for supply chain attacks where a compromised or broken version can reach your dependency updates before maintainers and the community have caught it. A short delay gives that signal time to surface, so you are less likely to merge a bad release the moment it ships. A few things to know: The default applies only to version updates. Security updates still open immediately, so critical fixes are never delayed. You stay in control. Use the cooldown option in your .github/dependabot.yml to set a different window or opt out entirely. This default applies to Dependabot version updates across all supported ecosystems on github.com and will take effect…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration.</p>\n<p>New releases are a common entry point for supply chain attacks where a compromised or broken version can reach your dependency updates before maintainers and the community have caught it. A short delay gives that signal time to surface, so you are less likely to merge a bad release the moment it ships.</p>\n<p>A few things to know:</p>\n<ul>\n<li>The default applies only to version updates. Security updates still open immediately, so critical fixes are never delayed.</li>\n<li>You stay in control. Use the <code>cooldown</code> option in your <code>.github/dependabot.yml</code> to set a different window or opt out entirely.</li>\n</ul>\n<p>This default applies to Dependabot version updates across all supported ecosystems on github.com and will take effect in GitHub Enterprise Server (GHES) 3.23.</p>\n<p>Learn more in <a href=\"https://docs.github.com/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-\">our docs about Dependabot cooldowns</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce-default-package-cooldown\">Dependabot version updates introduce default package cooldown</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "You can now run a security review on your in-flight code changes directly from the GitHub Copilot app. The /security-review slash command is shipping in public preview, bringing the same AI-driven vulnerability scanning already available in Copilot CLI into your everyday coding workflow. What it does /security-review analyses your current workstream changes and returns: High-confidence security findings, scored by severity and confidence. Actionable suggestions you can apply and reverify without leaving Copilot. A focused, prioritised view so you can fix the issues that matter before code lands. The scan is tuned to catch common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal and weak cryptography. Why it matters The /security-review command gives you a way to catch issues while you’re still working without leaving…", "url": "", "image": "https://github.com/user-attachments/assets/a65d22c6-af38-472b-bffe-d4c7ef58e71d", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>You can now run a security review on your in-flight code changes directly from the GitHub Copilot app. The <code>/security-review</code> slash command is shipping in public preview, bringing the same AI-driven vulnerability scanning already available in Copilot CLI into your everyday coding workflow.</p>\n<p><img decoding=\"async\" src=\"https://github.com/user-attachments/assets/a65d22c6-af38-472b-bffe-d4c7ef58e71d\" alt=\"The /security-review appearing as a suggested command in the GitHub Copilot app chat window\"></p>\n<h3 id=\"what-it-does\" id=\"what-it-does\" ><a class=\"heading-link\" href=\"#what-it-does\">What it does<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p><code>/security-review</code> analyses your current workstream changes and returns:</p>\n<ul>\n<li>High-confidence security findings, scored by severity and confidence.</li>\n<li>Actionable suggestions you can apply and reverify without leaving Copilot.</li>\n<li>A focused, prioritised view so you can fix the issues that matter before code lands.</li>\n</ul>\n<p>The scan is tuned to catch common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal and weak cryptography.</p>\n<h3 id=\"why-it-matters\" id=\"why-it-matters\" ><a class=\"heading-link\" href=\"#why-it-matters\">Why it matters<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>The <code>/security-review</code> command gives you a way to catch issues while you’re still working without leaving your coding environment. It complements GitHub code scanning, Dependabot, and secret scanning by giving you a lightweight, on-demand check on your local changes.</p>\n<h3 id=\"how-to-try-it\" id=\"how-to-try-it\" ><a class=\"heading-link\" href=\"#how-to-try-it\">How to try it<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>Open a project in the Copilot app, make your code changes, and run <code>/security-review</code> to scan those changes. The command is available to Copilot Free, Pro, Business, and Enterprise users during public preview.</p>\n<p>Join the discussion and share your feedback in the <a href=\"https://github.com/orgs/community/discussions/categories/announcements\">GitHub Community</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-14-security-reviews-now-available-in-the-github-copilot-app\">Security reviews now available in the GitHub Copilot app</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "https://github.com/user-attachments/assets/a65d22c6-af38-472b-bffe-d4c7ef58e71d", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "Starting today, security teams can create, edit, and manage secret scanning custom patterns with the REST API. What’s new The following endpoints are generally available: GET .../secret-scanning/custom-patterns list patterns POST .../secret-scanning/custom-patterns create patterns PATCH .../secret-scanning/custom-patterns/{id} update patterns DELETE .../secret-scanning/custom-patterns delete patterns These endpoints are available at repository, organization, and enterprise levels for secret scanning customers. They cover basic CRUD operations, including creation, deletion, and modification of custom patterns. Dry runs and the final publishing step are still currently completed in the UI. You can follow the GitHub changelog for future updates. Learn more Learn more in the REST API documentation for secret scanning and about custom patterns. The post Manage secret scanning custom patterns…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>Starting today, security teams can create, edit, and manage secret scanning custom patterns with the REST API.</p>\n<h3 id=\"whats-new\" id=\"whats-new\" ><a class=\"heading-link\" href=\"#whats-new\">What’s new<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>The following endpoints are generally available:</p>\n<ul>\n<li><code>GET .../secret-scanning/custom-patterns</code> list patterns</li>\n<li><code>POST .../secret-scanning/custom-patterns</code> create patterns</li>\n<li><code>PATCH .../secret-scanning/custom-patterns/{id}</code> update patterns</li>\n<li><code>DELETE .../secret-scanning/custom-patterns</code> delete patterns</li>\n</ul>\n<p>These endpoints are available at repository, organization, and enterprise levels for secret scanning customers. They cover basic CRUD operations, including creation, deletion, and modification of custom patterns. Dry runs and the final publishing step are still currently completed in the UI. You can follow the GitHub changelog for future updates.</p>\n<h3 id=\"learn-more\" id=\"learn-more\" ><a class=\"heading-link\" href=\"#learn-more\">Learn more<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>Learn more in the <a href=\"https://docs.github.com/rest/secret-scanning\">REST API documentation for secret scanning</a> and <a href=\"https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning\">about custom patterns</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-13-create-and-manage-secret-scanning-custom-patterns-via-rest-api\">Manage secret scanning custom patterns via REST API</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "You can now see the number of active committers on repositories using GitHub Code Quality across your enterprise, giving you an estimate of your Code Quality license cost before it becomes a paid product on July 20, 2026. Code Quality is free during the public preview, so this usage isn’t billed today. The estimate helps you understand the per-committer license impact on your bill so you can decide whether to keep Code Quality enabled for your organizations ahead of general availability. Where to find it To view your estimate, go to your billing entity’s Billing and licensing page and open Licensing. The Code Quality card shows your consumed licenses and estimated monthly payment. What the estimate includes The estimate only reflects the per-committer license cost. It doesn’t include the GitHub Actions minutes that CodeQL analysis consumes or the usage-based charges for AI-powered capab…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>You can now see the number of active committers on repositories using GitHub Code Quality across your enterprise, giving you an estimate of your Code Quality license cost before it becomes a paid product on July 20, 2026.</p>\n<p>Code Quality is free during the public preview, so this usage isn’t billed today. The estimate helps you understand the per-committer license impact on your bill so you can decide whether to keep Code Quality enabled for your organizations ahead of general availability.</p>\n<h3 id=\"where-to-find-it\" id=\"where-to-find-it\" ><a class=\"heading-link\" href=\"#where-to-find-it\">Where to find it<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>To view your estimate, go to your billing entity’s <strong>Billing and licensing</strong> page and open <strong>Licensing</strong>. The Code Quality card shows your consumed licenses and estimated monthly payment.</p>\n<h3 id=\"what-the-estimate-includes\" id=\"what-the-estimate-includes\" ><a class=\"heading-link\" href=\"#what-the-estimate-includes\">What the estimate includes<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>The estimate only reflects the per-committer license cost. It doesn’t include the GitHub Actions minutes that CodeQL analysis consumes or the usage-based charges for AI-powered capabilities such as GitHub Copilot Autofix. It also reflects standard list pricing, so it doesn’t account for any discounts that may apply to your account.</p>\n<h3 id=\"availability-and-pricing\" id=\"availability-and-pricing\" ><a class=\"heading-link\" href=\"#availability-and-pricing\">Availability and pricing<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<p>GitHub Code Quality is available on GitHub Enterprise Cloud and GitHub Team but isn’t available on GitHub Enterprise Server. When Code Quality becomes generally available on July 20, 2026, it will be priced at $10 per active committer per month. The preview estimates will reflect the committers you will be billed for.</p>\n<h3 id=\"learn-more\" id=\"learn-more\" ><a class=\"heading-link\" href=\"#learn-more\">Learn more<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h3>\n<ul>\n<li>Learn more about <a href=\"https://docs.github.com/code-security/code-quality/how-tos/enable-code-quality\">Enabling Code Quality</a>.</li>\n<li>Share your feedback in the <a href=\"https://github.com/orgs/community/discussions/177488\">GitHub Community</a>.</li>\n</ul>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-13-github-code-quality-license-estimate-in-public-preview\">GitHub Code Quality license estimate in public preview</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "We’ve separated the combined SSO & Organizations page in your user settings into two distinct pages: SSO and Organizations. This update makes it easier to find and manage these settings independently, with a clearer experience in your account settings. If you use SSO or belong to organizations on GitHub, you’ll now see these options on separate pages instead of in a single combined view. Join the discussion within GitHub Community to leave your feedback. The post Separate SSO and Organizations pages in Settings appeared first on The GitHub Blog.", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>We’ve separated the combined <strong>SSO & Organizations</strong> page in your user settings into two distinct pages: <strong>SSO</strong> and <strong>Organizations</strong>.</p>\n<p>This update makes it easier to find and manage these settings independently, with a clearer experience in your account settings.</p>\n<p>If you use SSO or belong to organizations on GitHub, you’ll now see these options on separate pages instead of in a single combined view.</p>\n<p>Join the discussion within <a href=\"https://github.com/orgs/community/discussions/201324\">GitHub Community</a> to leave your feedback.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-13-separate-sso-and-organizations-pages-in-settings\">Separate SSO and Organizations pages in Settings</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.26.0, which adds support for Kotlin 2.4.0, introduces a JavaScript and TypeScript query for system prompt injection, and improves analysis accuracy across multiple languages. Language and framework support Kotlin: CodeQL now supports Kotlin versions up to 2.4.0. C#: We’ve added Razor Page handler method parameters, such as parameters for OnGet, OnPost, and OnPostAsync, as remote flow sources. Security queries such as cs/sql-injection can now detect vulnerabilities involving these parameters in PageModel subclasses. Go: We’ve added models for the log/slog package introduced in Go 1.21. The go/log-injection and go/clear-text-logging queries can now detect issues in code that uses slog package functions and slog.Logger methods. JavaScri…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>CodeQL is the static analysis engine behind <a href=\"https://docs.github.com/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql\">GitHub code scanning</a>, which finds and remediates security issues in your code. We’ve recently released <a href=\"https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.26.0/\">CodeQL 2.26.0</a>, which adds support for Kotlin 2.4.0, introduces a JavaScript and TypeScript query for system prompt injection, and improves analysis accuracy across multiple languages.</p>\n<h2 id=\"language-and-framework-support\" id=\"language-and-framework-support\" ><a class=\"heading-link\" href=\"#language-and-framework-support\">Language and framework support<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p><strong>Kotlin</strong>: CodeQL now supports Kotlin versions up to 2.4.0.</p>\n<p><strong>C#</strong>: We’ve added Razor Page handler method parameters, such as parameters for <code>OnGet</code>, <code>OnPost</code>, and <code>OnPostAsync</code>, as remote flow sources. Security queries such as <code>cs/sql-injection</code> can now detect vulnerabilities involving these parameters in <code>PageModel</code> subclasses.</p>\n<p><strong>Go</strong>: We’ve added models for the <code>log/slog</code> package introduced in Go 1.21. The <code>go/log-injection</code> and <code>go/clear-text-logging</code> queries can now detect issues in code that uses <code>slog</code> package functions and <code>slog.Logger</code> methods.</p>\n<p><strong>JavaScript/TypeScript</strong>: We’ve added prompt injection sinks for additional OpenAI, Anthropic, and Google GenAI SDK APIs, including Sora prompts, OpenAI Realtime session instructions, Anthropic legacy completion prompts, and Google GenAI cached content and system instructions.</p>\n<h2 id=\"query-changes\" id=\"query-changes\" ><a class=\"heading-link\" href=\"#query-changes\">Query changes<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p><strong>JavaScript/TypeScript</strong></p>\n<ul>\n<li>We’ve added the <code>js/system-prompt-injection</code> query to detect when untrusted, user-provided values flow into an AI model’s system prompt, allowing an attacker to manipulate the model’s behavior.</li>\n<li>We’ve added the experimental <code>javascript/ssrf-ipv6-transition-incomplete-guard</code> query to detect server-side request forgery (SSRF) guards that reject private IPv4 ranges but can be bypassed with IPv6 transition address formats.</li>\n</ul>\n<p><strong>Go</strong></p>\n<ul>\n<li>The <code>go/unhandled-writable-file-close</code> query now produces fewer false positives. It no longer flags a deferred call to <code>Close</code> when every execution path first handles a call to <code>Sync</code> on the same file handle.</li>\n</ul>\n<p><strong>Python</strong></p>\n<ul>\n<li>The <code>py/modification-of-locals</code> query no longer flags modifications to a <code>locals()</code> dictionary after it has passed out of the scope where it was created, reducing false positives.</li>\n</ul>\n<p><strong>Swift</strong></p>\n<ul>\n<li>We’ve improved CryptoKit modeling for the <code>swift/weak-sensitive-data-hashing</code> and <code>swift/weak-password-hashing</code> queries. These queries may now detect additional results.</li>\n</ul>\n<p><strong>GitHub Actions</strong></p>\n<ul>\n<li>We’ve updated the <code>actions/pr-on-self-hosted-runner</code> query to recognize the latest standard runner labels, reducing false positives.</li>\n<li>We’ve corrected the name, description, and alert message for <code>actions/untrusted-checkout/medium</code> to clarify that it applies to a nonprivileged context.</li>\n</ul>\n<p>For a full list of changes, please refer to the complete <a href=\"https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.26.0/\">changelog for version 2.26.0</a>. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new functionality in CodeQL 2.26.0 will also be included in a future GitHub Enterprise Server (GHES) release. If you use an older version of GHES, you can <a href=\"https://docs.github.com/enterprise-server@3.20/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access\">manually upgrade your CodeQL version</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-10-codeql-2-26-0-adds-kotlin-2-4-0-support-and-ai-prompt-injection-detection\">CodeQL 2.26.0 adds Kotlin 2.4.0 support and AI prompt injection detection</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } }, { "id": "546e608aebab42601b872f762270ee3d72ae4896", "source_id": "github_changelog", "source": "GitHub Changelog", "category": "technology", "engine": "rss", "title": "", "summary": "To make secret scanning easier to understand, we’re updating the names we use for our detector types to better reflect how each one finds secrets. This is a naming change only; detection behavior is exactly the same. Before Now Non-provider patterns Generic patterns Copilot secret scanning AI-detected secrets All existing product documentation links continue to work. We’ve added redirects and updated the terminology across our documentation. There are no changes to webhook events, audit log events, or the REST API. There are two kinds of secrets we detect: Provider secrets are issued by a specific service (e.g., an AWS key, a Stripe token). Generic secrets aren’t tied to any provider (e.g., private keys, connection strings, passwords). There are two ways we detect them: Patterns use deterministic detection (i.e., regular expressions combined with additional checks like entropy analysis)…", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00", "score": 89.6, "color": "#ffb347", "raw": { "title": "", "summary": "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n<html><body><p>To make secret scanning easier to understand, we’re updating the names we use for our detector types to better reflect how each one finds secrets. This is a naming change only; detection behavior is exactly the same.</p>\n<div data-target=\"content-table-wrap.container\" class=\"content-table-wrap\"><content-table-wrap><table>\n<thead>\n<tr>\n<th>Before</th>\n<th>Now</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Non-provider patterns</td>\n<td><strong>Generic patterns</strong></td>\n</tr>\n<tr>\n<td>Copilot secret scanning</td>\n<td><strong>AI-detected secrets</strong></td>\n</tr>\n</tbody>\n</table></content-table-wrap></div>\n<p>All existing product documentation links continue to work. We’ve added redirects and updated the terminology across our documentation. There are no changes to webhook events, audit log events, or the REST API.</p>\n<p>There are two kinds of secrets we detect:</p>\n<ul>\n<li><strong>Provider secrets</strong> are issued by a specific service (e.g., an AWS key, a Stripe token).</li>\n<li><strong>Generic secrets</strong> aren’t tied to any provider (e.g., private keys, connection strings, passwords).</li>\n</ul>\n<p>There are two ways we detect them:</p>\n<ul>\n<li><strong>Patterns use deterministic detection</strong> (i.e., regular expressions combined with additional checks like entropy analysis). Patterns reliably catch secrets with a recognizable structure and include both provider patterns for provider secrets, as well as generic patterns like private keys and connection strings.</li>\n<li><strong>AI-detected secrets</strong> use AI to catch generic secrets that don’t follow a predictable format (e.g., passwords). The model reads the surrounding code to find harder-to-detect unstructured secrets.</li>\n</ul>\n<h2 id=\"learn-more\" id=\"learn-more\" ><a class=\"heading-link\" href=\"#learn-more\">Learn more<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"></span></a></h2>\n<p>Learn more about <a href=\"https://docs.github.com/code-security/secret-scanning/introduction/about-secret-scanning\">secret scanning</a> and see the <a href=\"https://docs.github.com/code-security/secret-scanning/introduction/supported-secret-scanning-patterns\">full list of supported secrets</a> in our documentation. Let us know what you think in the <a href=\"https://gh.io/community-secret-scanning\">community discussion</a>.</p>\n</body></html>\n<p>The post <a href=\"https://github.blog/changelog/2026-07-10-clearer-names-for-secret-scanning-detector-types\">Clearer names for secret scanning detector types</a> appeared first on <a href=\"https://github.blog\">The GitHub Blog</a>.</p>\n", "url": "", "image": "", "published": "2026-07-15T04:34:56+00:00" } } ], "count": 10, "cached_at": "2026-07-15T04:34:56+00:00" }
Save file
Quick jump
open a path
Open