GitHub is introducing a free secret risk assessment tool to help development organizations understand their secret leak exposure across GitHub.
Available on April 1 in the Security tab, this tool gives admins and developers a clear view of where secrets are exposed across their organization, helping them take proactive steps to secure their environments.
Screenshot via GitHub announcement.
Also in April, GitHub will be unbundling its GitHub Advanced Security (GHAS) into two standalone security products called Secret Protection and Code Security. As of April 1, each will be available for purchase by Teams customers without an enterprise license. GitHub said the goal is to make these tools more accessible for developers and teams of all sizes.
GitHub Secret Protection detects and prevents secret leaks before they happen using capabilities such as push protection, secret scanning and AI-powered detection with low false positive rates. In 2024, more than 39 million secrets were detected on GitHub repositories, the company stated. It will be available at $19/month per active committer.
GitHub Code Security helps identify and remediate vulnerabilities faster with features such as code scanning, Copilot Autofix, security campaigns and Dependency Review Action. It will be available at $30/month per active committer.
State of Web Dev AI Survey Now Open
The Devographics team, which runs the State of React and State of HTML surveys, is conducting a new developer survey to learn more about where web developers stand with AI. To that end, they’d like to hear from those who use AI as well as those who don’t, said Devographics head Sacha Greif.
The State of Web Dev AI survey expires March 10, so it will only be available until Monday. It takes about 15 minutes and the goal is to identify how modern AI tools are impacting web development. It also includes questions about pain points developers have encountered when using AI models.
Devographics surveys are unusual in that they are created using an open source process, and this survey is no different.
Mistral Rolls Out New OCR API
On Thursday, Mistral introduced a new Optical Character Recognition API, called mistral OCR, that it says can comprehend each element of documents — media, text, tables, equations — with “unprecedented accuracy and cognition.”
“It takes images and PDFs as input and extracts content in an ordered interleaved text and images,” the announcement explained. “As a result, Mistral OCR is an ideal model to use in combination with a RAG system taking multimodal documents (such as slides or complex PDFs) as input.”
TechCrunch reported that the Mistral OCR output is formatted in Markdown. This has traditionally been a developer task — developers use Markdown to add links, headers, and other formatting elements to a text file.
The blog post includes a side-by-side comparison of PDFs and their respective OCRs’ outputs, as well as a video showing Mistral OCR at work.
Mistral added that more than 90% of organizational data is in documents. The company has made Mistral OCR the default model for document understanding across millions of users on Le Chat. The API is available today in the developer suite La Plateforme.
SvelteKit Adds Support for WebSockets
Svelte is doing a once-a-month roll-up of its updates. This month it announced native support for Websockets in SvelteKit as available for testing.
SvelteKit also now supports an option for server-side route resolution, the team added.
“This means that instead of loading the whole routing manifest in the client, and doing the route resolution there, the server runtime is invoked for each route request,” wrote web designer Dani Sandoval on the Svelte blog.
The changelogs for Svelte and SvelteKit offer more details on bug fixes and other changes.
Angular 19.2 Released
Angular announced its latest minor release, version 19.2, is now available with new APIs and experimental features.
This release introduces two significant updates related to the experimental resource API released in Angular v. 19: asynchronous reactivity with the new httpResource and resource streaming with rxResource APIs.
“Developers have been able to use signals for synchronous state in Angular since their introduction in Angular v16. At the same time, developers have been curious as to how they can leverage the power, readability and maintainability of signals for asynchronous dependencies,” the Angular team stated. “The resource API makes it possible to interact with asynchronous data sources while leveraging the developer experience and ergonomics of signals.”
It’s also key to incorporating asynchronous actions like data fetching in Angular, they added.
The experimental httpResource API is also used for fetching data, creating a “low friction reactive way to fetch data over HTTP,” the blog notes. The API participates in Angular’s reactivity system with signals. The team has made a request for comments on the resource API.
This update also incorporates better template ergonomics, the team added. A complete changelog of Angular 19.2 updates is also available.
ChatGPT MacOS App Now Edits Code in Select IDEs
No more cutting and pasting from ChatGPT for some users on the macOS app — the AI tool can now edit code directly in supported IDEs. That includes Xcode, VS Code and JetBrains IDEs.
It’s available to Plus, Pro and Team users, but you’ll need to update the app to use it. It also works with terminals and Notes. The plan is to roll it out to Enterprise, Edu and Free users next week.
The post GitHub Rolls Out Free Secret Risk Assessment Tool appeared first on The New Stack.
