Organization APIs for fine-grained PATs management
Organization owners can now automate the approval and auditing of fine-grained personal access tokens (PATs) in their organization using a GitHub app. New APIs and webhook events allow a GitHub…
GitHub Actions: The setup-go Action now enables caching by default
Enabling caching by default has demonstrated improved workflow performance, and can reduce build times by 20-40% for repositories with dependencies greater than 100 MB! This change has been made to…
GitHub Actions: SBOMs are now attached to hosted runner image releases for macOS
In addition to Ubuntu & Windows, GitHub Actions now attaches a SBOM (Software Bill of Materials) to hosted runner image releases for macOS. In the context of GitHub Actions hosted…
Introducing the GitHub Classroom CLI extension for the GitHub CLI
We’re thrilled to introduce the GitHub Classroom CLI extension for the GitHub CLI, designed to simplify the lives of teachers everywhere. With this powerful new tooling, teachers can create their…
Fixed bug that allowed private issues and pull request titles to be shown in search results
GitHub Security was notified about an issue where private issue and pull request titles would be displayed in search results. Our Security team investigated potential instances and determined that this…
Roadmaps in Projects are now generally available
Today we are announcing the general availability (GA) of roadmaps in GitHub Projects! 🎉 🗺 Roadmaps for all Since we announced the public beta of roadmaps earlier this year, we’ve…
Block ambiguous branch and tag names
GitHub blocks branch and tag names which begin with refs/. Under the hood, all Git refs begin with a prefix (refs/heads/ for branches and refs/tags/ for tags). In typical use,…
Code scanning API to enable default setup with CodeQL on a repository
Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…
General availability of granular access token on npm
Today we are making the granular access token feature on npm generally available. Granular access token, allows you to: Restrict token access to specific packages and/or scopes Grant tokens access…
You can now use the “security extended” query suite in code scanning default setup with CodeQL
You can now enable the “security extended” query suite for repositories using code scanning default setup with CodeQL. This query suite can be selected during set up, or changed at…
Enable code scanning default setup with CodeQL at the organization level (public beta)
Enabling CodeQL analysis with code scanning default setup for eligible repositories in your organization is now as easy as a single click from the organization’s settings page or a single…
Secret scanning changes to how you opt in to notifications
We announced two weeks ago that we are changing how you receive notifications for secret scanning alerts. From today, those changes are in effect. What action should I take? If…
Code scanning shows more accurate and relevant alerts on pull requests
Code scanning is now using a new way of analysing and displaying alerts on pull requests. The change ensures code scanning only shows accurate and relevant alerts for the pull…
SSH Certificate requirement update
The “Require SSH certificates” policy now allows GitHub apps to call Git APIs using a user-to-server token, bringing them up to parity with OAuth app support. The SSH certificate requirement…
Fixed bug that allowed removed users to retain access to the organization
GitHub Security was notified about an issue where users still had access to organizations after being removed. Our Security team investigated potential instances and determined there were occasional instances where…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
GitHub Universe 2025
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.