We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.

In December, we experienced no incidents resulting in service downtime. This month’s GitHub Availability Report will provide a summary and follow-up details on how we addressed an incident mentioned in November’s report.

In celebrating GitHub Security Lab’s one-year anniversary, we explained that we’re expanding our research focus. Why did we make this decision? The decision stemmed from our work with the Open Source Security Coalition (OSSC) where

Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know this isn’t a problem that

Dependency review allows you to easily understand your dependencies before you introduce them to your environment. As part of a pull request, you can see what dependencies you’re introducing, changing, or removing, and information about their vulnerabilities, age, usage, and license.

In July, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations. Beginning August 13, 2021, we will

Temporary interaction limits have new, powerful, and flexible updates. You can now enable interaction limits for up to six months. In addition, you can limit interactions across all your personal repositories with a single toggle.

Check out the latest announcements from GitHub Universe 2020, including dark mode, Sponsors for companies, improvements to Actions, dependency review, and more.

To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.

Earlier this year, we upgraded the notifications experience on GitHub, focusing on filters that get you straight to the updates that matter most to you. Just last week, we shipped an update that helps you