
Dependabot auto-triage rules support CVE IDs and GHSA IDs
GitHub Blog Search
Dependabot user-defined rules for security updates and alerts; enforcement of auto-triage rules and presets for organizations (public beta)
Custom auto-triage rules for Dependabot alerts (public beta)
Expanding the Triage role and introducing new options for how content is reported
Expanding REST API support for triage and maintain roles
The triage and maintain roles now have expanded permissions. Users with the triage role can request reviews on pull requests, mark issues and pull requests as duplicates, and add or…
Administrators of organization-owned repositories can now assign "triage" and "maintain" roles to collaborators and teams as part of a public beta preview. If a contributor proves their ability to drive…
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
In this step-by-step tutorial, we’ll dive into how you can become the next open source contributor to the GitHub Classroom CLI, building commands that you can use to improve your workflow as an educator!
In the world of software development, collaboration can make the difference between a brittle last-minute release and a reliable, maintainable, pain-free project. Whether you’ve been coding for a day or a decade, your colleagues are there to help strengthen your work. But they can only help if you’ve given them the tools to do so.
Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.
Experts explain how to recruit and onboard co-maintainers.
Learn more about static analysis and how to use it for security research! In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
Hear from Grafana Labs' Armand Grillet about how his team uses GitHub Projects.
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform's authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.
Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.
Explore how the GitHub Docs team uses GitHub Projects for content coordination, reviews, and publishing.
Category Forms allow maintainers to create templates for their GitHub Discussions, which means that users can start new discussions with all the necessary information already included.