Ensuring compliance in developer workflows
How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.
Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.
Measuring enterprise developer productivity
In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…
Code Scanning a GitHub Repository using GitHub Advanced Security within an Azure DevOps Pipeline
In this blog post we demonstrate how to integrate the GitHub Advanced Security code scanning capability into our Azure DevOps Pipelines. We provide code snippets and examples that can guide you or your developers working to integrate Code Scanning into any 3rd Party CI tool.
Achieving DevSecOps maturity with a developer-first, community-driven approach
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
The GitHub Enterprise Audit log API for GraphQL beginners
The newly shipped GitHut Audit log API allows you to make efficient queries for specific log data. Learn more about how to get started with the API.