Skip to content

Listing applications on GitHub Marketplace got simpler

With the new process of publishing an application on GitHub Marketplace, you can now reach out to millions of GitHub users easier and faster. The simplified process enables you to add paid plans for your applications based on completeness of your organization profile and the listing information. You need not go through security and experience reviews of the application as part of verification. Getting your organization profile reviewed will also provide a badge on all your published applications signifying that you meet the requirements.

CWE and CVSS in Security Advisories

Security Advisories and GitHub Advisory Database now include Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS) information for advisories.

When you create a Security Advisory to disclose a vulnerability in your repository, in addition to severity, you can now include the CWE and the CVSS score of the vulnerability.
Security Advisories published by maintainers, as well as other curated vulnerabilities in GitHub's Advisory Database, now appear with CWE and CVSS information.
CWEs provide a consistent way of referring to software weaknesses, and CVSS scores provide more detail on why a vulnerability is a given severity.

To see CWE and CVSS information for an advisory, click on the advisory in the Advisory Database.

Learn more about creating a security advisory

See more

GitHub Actions: Skip pull request and push workflows with [skip ci]

GitHub Actions now supports skipping push and pull_request workflows by looking for some common keywords in your commit message.

If any commit message in your push or the HEAD commit of your PR contains the strings [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] workflows triggered on the push or pull_request events will be skipped.

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more
View all changes