The GitHub Blog: Product News and Updates

April 22, 2021

GitHub Actions update: Helping maintainers combat bad actors

GitHub Actions is a powerful, flexible CI/CD service that gives developers the ability to automate all of their software workflows. Developers have built amazing things with GitHub Actions, and the CI/CD service has dramatically accelerated

Chris Patterson

April 15, 2021

Product

Work with GitHub Actions in your terminal with GitHub CLI

gh brings GitHub to the command line by helping developers manage pull requests, issues, gists, and much more. As of 1.9.0, even more of GitHub is available in your terminal: GitHub Actions. It’s already possible

Nate Smith

April 13, 2021

Implementing least privilege for secrets in GitHub Actions

GitHub Actions provide a powerful, extensible way to automate software development workflows. When access to outside resources is required, GitHub provides the ability to store encrypted secrets used by GitHub Actions to authenticate against these

Philip Holleran

March 30, 2021

Product

Introducing new push notifications, scheduling, releases and more on GitHub Mobile

GitHub Mobile helps you get work done when you’re on the go, wherever you go. You’ve told us that you’d like more options for push notifications and viewing releases on mobile, but also want more

Candy Ho

March 30, 2021

GitHub Desktop now supports cherry-picking

GitHub Desktop aims to provide an intuitive way for users to complete everyday Git and GitHub workflows. One of our most requested features from the past year is cherry-picking, and we’re excited to release it

Rebecca Hovemeyer

March 16, 2021

Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors

Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical

Bas van Schaik

March 15, 2021

Dependabot ❤️s private dependencies

Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant that internal libraries, shared design

Mike McDonald

March 11, 2021

Product

Scripting with GitHub CLI

It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for pull requests, securely configure secret

Mislav Marohnić

February 16, 2021

GitHub Enterprise Server 3.0 is now generally available

Today we’re announcing general availability of GitHub Enterprise Server 3.0. Introduced during the GitHub Universe 2020 keynote, it’s the biggest ever change to Enterprise Server. Every company using GitHub can now safely and securely take

Maya Ross

February 12, 2021

Avoiding npm substitution attacks

Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We hope you walk away from

Isaac Z. Schlueter