GitHub has launched dependency scanning in public preview and made secret scanning generally available for its GitHub MCP Server. These features allow AI coding agents like Claude Code and Cursor to query GitHub's advisory database and surface exposed credentials directly within MCP-connected development environments. The move is part of a broader 'shift left' security strategy — catching vulnerable dependencies, leaked API keys, and unsafe code while it's being written rather than after it's committed or deployed. As AI agents accelerate code generation with less manual review, GitHub is embedding security checks into the tooling layer itself, extending the same logic already used in its Copilot coding agent's mandatory pre-PR security scanning.