jun 9, 2026
2 links from the engineering internet.
github.blog
aiinfra
github ships security validation for third-party coding agents
code written by third-party agents like claude and openai codex in a repo now gets the same automatic codeql, dependency-review, and secret-scanning checks as copilot's cloud agent, and the agent tries to fix flagged issues before finalizing the pull request.
github.blog
infra
github adds scheduled code scanning for inactive repositories
code scanning can now run scheduled security scans on repos with no pushes or pull requests for six months or more, re-scanning inactive repositories every 30 days so dormant codebases keep getting coverage instead of going dark.