Skip to content

Add collaborators to a draft security advisory with the REST API

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Defined to scan for their tokens and help secure our mutual users on public repositories. Defined tokens allow users to access various administrative functions of their managed mesh networking offerings. GitHub will forward access tokens found in public repositories to Defined, which will then email the user. You can read more information about Defined's tokens here.

All users can scan for and block Defined's tokens from entering their public repositories for free with push protection. GitHub Advanced Security customers can also scan for and block Defined tokens in their private repositories.

See more

At GitHub, we store multiple copies of every Git repository our customers push up. Every once in a while, one copy of a Git repository can wind up in a broken state. Usually, our maintenance processes fix the copy automatically, and no one ever notices the problem. Under very rare circumstances, the automation is unable to fix the problem, requiring manual intervention. To prevent further damage from accruing, the automation marks the repository "broken" and doesn't allow further changes (pushes or maintenance).

The GitHub web interface has long shown an informative message informing viewers that the repository is broken. With this change, the Git client will also receive a similar message. Previously, Git would report an unactionable, confusing, and very low-level error such as "fatal: bad tree object 3c8f2e6c8252929ce8334d52bd33b2bc358e7e4c".

See more